first of all sorry for not getting back to you earlier.
Generally, no login information is sent to a any third party (including me and the device synchronization). They will only leave your device while communicating with the Amazon servers.
The username and password are encrypted and saved on your device so you do not need to enter it on every refresh. The app uses this information while refreshing status messages and checking for new orders, imitating the procedure that you would perform with your browser, logging into the "stripped down" Amazon website (via a secure HTTPS connection to https://www.amazon.de/gp/aw/ya/ref=aw_oh_ch
Thus, it's about as safe as checking the order status in your mobile browser, storing the password locally (not syncing it like e.g. the Chrome password sync feature).