You can create an app that uses SSL/TLS to talk to the server. That's just an ordinary network app using secure transport and JNLP doesn't factor into it. You can digitally sign the app to frustrate tampering. You can run JNLP over a secured, encrypted web page to limit who can download the app.
Customer surveys are for companies who didn't pay proper attention to begin with.