Yes. If running SambaPOS on a server and having all clients connect via RDP (using either SSL or native RDP encryption) and the app is running inside a widget, there shouldn’t be any security issue, at least nothing related in this context.
But there is little gained from using access tokens on a non-SSL server without the addition of externally provisoned secure network tunneling. And that isn’t mentioned anywhere on the forum afaik.
My point is that SSL support on the GQL server is something needed to complement the private key and token handling functionality.