Nintendo claims that it is: read the security information they provide at the credit card entry screen. That being said, you should already have strong encryption to your router (WPA is preferred to WEP). From there, I would think Nintendo uses additional encryption (like SSL) so that even if your connection was being listened to, the data would unreadable.
I can not personally guarantee the transmission is 100% secure, but I have trusted Nintendo enough to use it twice myself.