I'm primarily asking in regards to HIPAA.
More importantly than "is it secure" would be "does it meet HIPAA requirements?"
In both cases, the answer is "no". It is a HIPAA violation to use one for PHI.
Well, people are now making excuses - the data collected on them isn't PHI therefore we don't need to worry about it. /sigh.
Then the negligence law takes place which is more strict than hipaa iirc @scottalanmiller