Currently Remote Config can be sniffered and there is no option to configure protection from "man in the middle attacks" in client side.
The best solution is to add support of Certificate Transparency.