MQTT connection is not encrypted.However no sensitive data are transferred through MQTT. When the administrator updates the configuration in the web panel, it sends by MQTT a notification "Refresh needed". Devices receive this notification and request the new configuration through HTTPS.
If you're concerned about using unencrypted protocol, you can switch Push notifications to "HTTP polling". After that, Push notifications will also be delivered through HTTPS (but the delivery may be delayed by up to 15 minutes).