How does Ember Data deal with security of cached objects?

From what I understand, ember data is a memoization engine; invoking peekAll looks for cached data rather than making an expensive network call. But where are these data cached? If these data are loaded client-side, doesn't that mean the data is "in transit"? If I want to design a secure front end application that holds sensitive data for the least amount of time, how can I do this? Should I avoid using Ember data entirely and simply force back end calls to be made?