“Your data is securely protected because the business application platform is built on Microsoft Azure. This means that they benefit from the Azure platform’s powerful security technologies. Encryption of data, at rest and in transit, also preserves confidentiality. In addition, business application platform services use separate front-end and back-end clusters, the Gateway role, and secure data storage architecture. This helps protect your information and allows your organization’s data to be unified whether in the cloud or on premises.”
“The business application platform uses Azure AD as an identity repository for authentication and authorization. When users sign in to business application platform services via a secure (HTTPS) website, all communication between the user’s web browser and a business application platform service is encrypted.”
Thus based on this comments above by Microsoft, it is apparent that the Business Application Platform (which consists of Power BI, PowerApp and Flow) is encrypted at rest as well as in transit.
Hope, this link will help us understand all the security features.