In order to send the emails via SMTP, this module needs to store your SMTP credentials including an email and password in the Form Tools database. As of 2.0.0 the module encrypts this information in the database, but it's still a 2-way encryption (i.e. it can unencrypt it to use the information to send emails as needed). Because of this, if a malicious user gains access to your server or database they will be able to access the email account.
To minimize the damage if this occurs, you should use an email account that's used solely for the purpose of Form Tools emails. That way, the amount of information that can be accessed from the email is limited. Secondly, you may want to consider regularly deleting any email logs on the SMTP server.