I kind of walked you in to your response so that I could point out that the State Police database, the Fed database, and the transfer in between the two suffers the same exposure risk, as does the interception of info from dealers using cell phones at gunshows doing the BG check manually.
Oh no doubt there is the same type of risk. I have little faith in government computer security but the odds are that the exposure will be greater through an individual/FFL business check via computer than gov computer or cell phone interception.
Is the process just online and the dealer has no paperwork? Does the dealer just record the auth # down and can then toss the rest of the info off the computer?