The main thing I would explain is this:
Textmill.io does not store any data. When any file is uploaded to the service for text extracting after the conversion and converted text responded to the caller (to WPFTS Pro instance) all data is removed.
Nothing stored means nothing will be stolen etc.
Textmill.io also uses HTTPS and protected servers.
Yes, I would not recommend it for very important secret documents (military, government, etc). But I also think that these companies that manage such information do not use Wordpress at all and have enough money to create their own protected systems and CMSs.
Wordpress itself is not that protected and safe. Any small code stored in the 3rd-party plugin may share any information on the internet.