Here:
https://github.com/DeqingSun/ESP8266-Dash-Button
"You can connect your phone to target WiFi network, fill textbox with
SSID and password and press "ESPTouch", then the app will encode SSID
and password in length of UDP packets and broadcast packets to all
devices. If ESP8266 decodes WiFi information successfully, it will
broadcast a UDP packet back to your phone to end pairing process."
This means that SSID and PSWD are broadcasted via UDP... Not very secure :).
I am still not getting how ESP8266 in AP mode is getting these
packets, as they are broadcasted on your home network (your phone is
connected to your home router).
BR,
Drasko