This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
If you have nothing to hide, then you have nothing to worry about!
I think you answered your own question. Seriously, tho. The answer to your question is "It Depends". If your situation is that noncritical data is flowing between a client and server on an intranet you may not have to secure the connection. Now if you are transmitting medical data including insurance numbers, diagnosis, credit card #, names and so on across the internet, you will definately have to secure that connection. The reason why you don't see much on the internet about securing connections to EJB's is probably that the most common use of EJB's is to back up a web site or service, so securing the connection is a web server task (usually using HTTPS).