I would bet that it uses basic plain-text authentication and doesn't support SSL (secure socket layer). Assuming that's the case, it would be possible for someone to gain access and crash your tank. However, they would need:
1) access to your network at home, access to the network you're connecting form, or access at some hop between the two.
2) the know-how to sniff packets and extract passwords
3) to be on your network actively sniffing when you type in your password
#1 could be accomplished in several ways. If you have an unsecured wifi network, they could sit outside your house in a car with a laptop. Alternatively they could go online at the same starbucks you do or plug in to an ethernet port at your job. (well, probably not at YOUR job, Tony, but at most peoples jobs).
#2 may not be that difficult, since there are handy utilities that will do it for you.
#3 is just a matter of patience
It's also possible that the controller supports SSL or at least digest authentication. That would make it much more difficult.