MariaDB Galera Cluster

I have two mariadb servers in cluster that is working galera and xtradb. it is my primary server configuration: [mysqld] datadir=/var/lib/mysql query_cache_size=0 binlog_format=ROW default_storage_engine=innodb innodb_autoinc_lock_mode=2 wsrep_provider=/usr/lib/galera/libgalera_smm.so wsrep_cluster_address=gcomm:// wsrep_cluster_name='cluster1' wsrep_node_address='172.16.41.34' wsrep_node_name='node1' wsrep_sst_method=xtrabackup wsrep_sst_auth="test:test1234" log-error=/var/log/mysql.log Slave configuration : [mysqld] datadir=/var/lib/mysql query_cache_size=0 binlog_format=ROW default_storage_engine=innodb innodb_autoinc_lock_mode=2 wsrep_provider=/usr/lib/galera/libgalera_smm.so wsrep_cluster_address=gcomm://172.16.41.34 wsrep_cluster_name='cluster1' wsrep_node_address='172.16.41.36' wsrep_node_name='node2' wsrep_sst_method=xtrabackup wsrep_sst_auth="sstuser:s3cretPass" log-error=/var/log/mysql.log After deliberately changed the user in wsrep_sst_auth, I noticed that the servers no problem to connect and synchronize with different user and password . Do you think that is this a bug in galera? Is it possible to compromise the cluster? And also want to ask the traffic between two web server in the cluster that is encrypted? Thanks :)