So you are a consumer and not a provider?
Consuming a REST service is no different than visiting a web page in a browser. Its all done over HTTP(S) which is encrypted and the result just happens to be JSON (text) and not HTML (also text).
Many websites use REST and JSON to supply data to website eg stocks sites, weather sites.
If youre security people are concerned with that then the internet would basically be unusable.
If you were providing REST services from your environment then that is another discussion point as there are certain best practises you need to adhere to.