The company is using standard protocols like IMAP, CalDAV and CardDAV, and it's promising to lock down data at every step. You need app-based two-factor authentication to manage the server, and email demands app-specific passwords. Helm does store an encrypted backup on its end in case the worst happens, but encryption keys are stored locally on your phone and a USB drive.
This won't guarantee that your data is hack-proof. If there's an exploit in Helm's code, all the authentication in the world won't matter. Instead, Helm is counting partly on security through obscurity. Hackers target cloud services and social networks knowing they might scoop up millions of accounts in one fell swoop. If they want to attack Helm users, they have to compromise individual households -- and that may be more effort than it's worth unless there's someone determined to swipe your info.
If there's a reason for pause, it's the price. A Helm server will cost you $499 when it ships in late November, and that only offers a year of free service. After that, you're spending $99 per year. Although that isn't completely far-fetched for a private server, it could come as a shock if you're used to getting remote email for free. This is primarily for security-conscious users who aren't willing to take any chances with their information and are willing to pay for ease of use.