MobileMe is userid and password protected, but that is not absolute security. As far as I know this has never happened to MobileMe but some highly reputable financial and government sites have been hacked and the userid/password lists compromised which makes the data on that site vulnerable until the compromise is detected and new passwords issued to all the users. Financial sites are targeted for obvious reasons but it is not obvious to me why MobileMe would be the target of such an attack. MobileMe is not that rich a target to mine.
It is more likely a breach of your specific account on MobileMe would occur if you...
- chose an unsecure password
- use the same password indiscriminately across multiple internet accounts
- write or record your password where others may stumble across it
- are known to store very sensitive/valuable information on your MobileMe account
- are the target of organizations with lots of resources and a reason to target your data (the IRS, CIA, FBI, etc. come to mind)
- are using a Windows PC
The data security question always ends up in finding the right balance between the value of your data, convenience, and your tolerance of risk. If you will feel more comfortable then by all means use some means of encrypting the data before placing it on MobileMe.