I prefer using the stand alone deployment but it will still be quite a while before HTTPS support is in stand alone.
I missed your post earlier this month. You can use a tool like nginx to sit in front of WE and provide SSL and load balancing with multiple WE instances.
1) How is this information currently being sent? Plaintext? Is it obfuscated in any way?
Other than possibly being compressed, I believe it's sent in the clear.
2) I don't actually need this information sent back to the web-server, in fact it is better if it doesn't get it. Is there anything I can do so that I can use the Web Controls and styling but essentially stop the "text change" events from being sent to the web-server?
Someone from Real would have to jump in here, but I don't believe you can be sure that the text will never be sent back.