I am unfamiliar with the device you have or its manufacturer but since this is an iOS app you had to get it through Apple's App Store which means that it has been pretty thoroughly vetted by Apple for all possible security issues. That does not mean some previously undiscovered exploit could not get through the screening, it has happened at least once or twice. However when it has happened, the offending app was quickly removed from the App Store and a patch to iOS was almost immediately forthcoming to prevent anyone else from trying the exploit. So in all likelihood you are safe.
The app, of course, discovered your WiFi network because it "sees" the network connection on your iPhone/iPad. As to the controller device itself, since you had to link with the device in some manner in order to send the ID and password to it, and that process did not include a physical cord connection, I would assume it connected via Bluetooth. At least that is the way that was handled by all my various remote devices. The Phillips light control hub and August Lock required pushing a button on the device to confirm the initial pairing, but the Apple TVs, and Rachio sprinkler system did not, the controller and app simply detected each other and paired.
My oldest remote devices, Nest thermostats, required manually entering the network userid and password from the thermostat itself. I like the newer devices and apps a lot better, but not enough to buy new thermostats.
