AFAIK worklight is providing only two options for security between your mobile app and wroklight server. As you mentioned in your question Worklight is providing HTTPS for security. You can compress the data using compressResponse in your WL.Client.invokeProcedure

{
  adapter : 'adapter-name',
  procedure : 'procedure-name',
  parameters : [],
  compressResponse : true/false
}

compressResponse - Optional. A string that requests the response from the server to be sent in a compressed format to reduce the amount of data that is transferred between Worklight Server and the device. The default value, if compressResponse is not specified, is false. Note: This option is applicable for Android, iOS, Windows Phone 8, BlackBerry 10, Mobile Web, and Adobe AIR. For Mobile Web applications, compression is supported only when the device browser can decompress GZIP data. If the size of the payload is larger than the compress.response.threshold property set on the server, this option is ignored

You can always encrypt/decrypt, adapter requests/responses using javascript AES library.

You can use Stanford Javascript Crypto Library - SCJL for simple encrypt and decrypt. I guess SCJL is ships with Worklight.

SCJL is very simple to use. You find the below code to encrypt and decrypt.

sjcl.encrypt("password", "data");
sjcl.decrypt("password", "encrypted-data");