The results are reported via the scheduler URL if I interpret the code correctly. If this URL is HTTPS then encryption is used, see scheduler_op.cpp and its subsequent calls. It seems to be far too rare though:

$ grep scheduler_url /var/lib/boinc-client/client_state.xml 
    <scheduler_url>https://boinc.thesonntags.com/collatz_cgi/cgi</scheduler_url>
    <scheduler_url>http://www.distributeddatamining.org/DistributedDataMining_cgi/cgi</scheduler_url>
    <scheduler_url>https://scheduler.einsteinathome.org/EinsteinAtHome_cgi/cgi</scheduler_url>
    <scheduler_url>https://numberfields.asu.edu/NumberFields_cgi/cgi</scheduler_url>
    <scheduler_url>http://54.208.77.129/pogs_cgi/cgi</scheduler_url>
    <scheduler_url>http://www.primegrid.com/cgi/cgi</scheduler_url>
    <scheduler_url>http://srbase.my-firewall.org/sr5_cgi/cgi</scheduler_url>
    <scheduler_url>http://yafu.myfirewall.org/yafu_cgi/cgi</scheduler_url>
    <scheduler_url>http://www.rechenkraft.net/yoyo_cgi/cgi</scheduler_url>

So, the way I understand it is that the WU communication is encrypted if the scheduler server uses HTTPS.