Is there any way that someone (e.g. a relay) could intercept my data? Or is it encrypted in transit?
If I’m using SyncThing to sync databases from my production server to my backup server & test environments, and there’s any way that a relay could read the data, I guess I’m in trouble.
The docs section about relays explains this.
The connection between two devices is still end to end encrypted, the relay only retransmits the encrypted data much like a router. However, a device must register with a relay in order to be reachable over that relay, so the relay knows your IP and device ID. In that respect it is similar to a discovery server. The relay operator can see the amount of traffic flowing between devices.