Data in transit will use SSL/TLS with certificates = asymmetric encryption, data in transit should be secure, and data at rest will use AES = symmetric encryption. Of course, you could also send data already encrypted too, which if intercepted should be OK.
Attack: Possibilities depending on the setup:
1. If you're entering/sending a password over an SSL/TLS connection to decrypt the data, otherwise you won't have access to it over the net (even if decryption is done on your system you still need to send the password), which sounds secure, as the connection is encrypted, but not quite; all it takes is an exploit like Heartbleed (http://heartbleed.com/), or you could use that exploit to get your password.
The problem is many websites still use OpenSSL for SSL/TLS as it's free (unlike BlackboxSSL/TLS) and many servers are still left unpatched today.
Anyhow, even if no exploit was used, SSL/TLS encryption strength is deliberately weakened for the mass surveillance systems in place, so with all the above in mind, that's what I meant when I said "what use is that if a public hosted server has encrypted copies and it gets attacked".
2. If the data is downloaded to your system first and then you decrypt it on your system, then your password will be fine unless the server gets hacked and sends out malware. The server will always have a copy of your shared data, and every public-facing server is vulnerable to attacks of all sorts. As mentioned earlier, your password could be got through a hacked server sending out malware in the form of updates etc., and your system already trusts the sync app, and you probably installed it logged in as admin; that's half the battle.
It's entirely up to yourself, but as you know, nothing, absolutely nothing is safe on the Internet; thousands of zero-day exploits are taking place now and most have no idea.