You're a bit off my league here, but I'll try to answer anyway, please correct me if I'm wrong. As far as I know the HTTP server alone can only interpret HTTP comands (ex GET) by itself, for anything more you'll need some additional support. For example you could design a software converter on the server side that listens to your embedded devices (using sockets) and translates their requests into HTTP requests and then forwards them to the browser. However, if you do that, it might become more convenient to use that software alone, without the HTTP server. I can't give you a straight answer as I'm not aware of the specifications of your application. Anyway, this converter seems the best solution for you as it moves all the work to the software instead of the hardware.
As for the security part, I'm afraid I can't tell you much. You could of course encrypt the data as you said, but on the other hand you mentioned that you want to use the modules as they are. So maybe you could move the problem to the server side again. Add firewalls and use password protection for your software. Anything more would require modifying the hardware.