If you run the Tool Fiddler and read through the packets you will see that that header information that contains the Username and Password is encrypted. So to gain access to your Wifi Guru they would need the Username and Password. Having the Username and Password encrypted is different than SSL securing all of they traffic to and from your device. The username and password is base64 encoded.
Your router can also block all traffic inbound, except for the one from your phone based on the mac address or ip address of your phone.
I wonder what the chances are of someone actually running a packet sniffing tool to monitor your cooking temps :)