Hi Lorelei.
You're not the first, and certainly won't be the last to ask for encryption of CMOD sessions between clients and servers. I've asked IBM to implement SSL for CMOD, and the answer in general terms is that the impact to server performance is too high.
I haven't been privy to the solutions implemented, but my first guess is that implementing ODWEK on the same server instance as CMOD gets you half of the way there, since the back-end requests don't have to go over a physical network.
For what it's worth, the data that CMOD whizzes back and forth is in a proprietary compressed format. Obscurity isn't security, but it's another barrier that will keep casual eavesdroppers from reading data in transit.
-JD.