The form data and log are created and handle with security in mind. It should not be able to grab without login. If you want it more securer, you can config the script to store the data out of the website structure. You can edit the form.lib.php as the following example :
define( 'PHPFMG_SAVE_FILE' , '/secure-folder-here/form-data-log.php' ); // save submitted data to this file
define( 'PHPFMG_EMAILS_LOGFILE' , '/secure-folder-here/email-traffics-log.php' ); // log email traffics to this file