All of your data is transmitted to and from Apple's servers in an encrypted format, using secure sockets layer (SSL) via WebDav, IMAP, and HTTP. And all of the data is encrypted on disk on Apple's servers -- except for email and notes. Email isn't encrypted, according to Foresman, for performance reasons that include features like searching messages on the server. That's something that Mail.app and Apple's servers do very well. Notes are currently synced on Mac OS X via Mail, but with OS X 10.8 Mountain Lion adding a separate Notes app, encryption may finally come to your private Notes.
Apple didn't tell Ars exactly what methods they use to encrypt data on disk, but believes that they're using "some type of file-system encryption that is decrypted on the fly when requested from an authenticated device or computer." OS X may be using the PBKDF2 (Password-Based Key Derivation Function) standard recommended by the National Institute of Standards and Technology, and if this is also being used to generate the secure tokens for accessing iCloud, then your data is very safe.
How safe? Foresman notes that "Assuming Apple is generating keys that are more than 64 bits in length, the chances of someone brute-forcing the key and decrypting the data within a lifetime are slim to none."
While Apple's email service is currently not as secure as the rest of the iCloud services, Foresman does mention that you can use standard S/MIME encryption like PGP to insure secure email service.