Yeah, at worst a misconfigured system where non-root users have access to sniff it could be attacked.
Short of that level of extreme misconfiguration, you need admin, which means all bets are already off as you can keylog, inject libs, patch the executable, whatever you please really.
They could do more to protect this, but anything more would be a half-measure of no real use against a targeted attack at least.
In general it depends on the protocol that is used for communication. If it for example were not authenticated HTTP, it could be remotely exploitable by a website that a user visits.