You would be amazed just how many systems are on the Internet and unprotected. Using a non-encrypted connection is almost like asking someone to use a packet sniffer and steal your password.
For a good overview of just how many zSystems are on the Internet, I do recommend watching a video by Philip Young on YouTube. Philip has given several very interesting talks about exposed zSystems.
Now, since you want to encrypt your session, here are instructions for enabling access to servers that use self-signed certificates in Rational Host on Demand. (NOTE: these instructions were taken from http://www-01.ibm.com/support/docview.wss?uid=swg21395269)
NOTE: pictures and additional details will be coming soon
cd /opt/IBM/HostOnDemand/binSwitch the section to Signer certificates
Import the certificate you want.