Hi Ben,
Security is always a hot topic when it comes to VoIP. In theory it is possible to “listen in” if you can get access to the IP packets using a sniffer etc.
In practice though it is quite difficult unless you can get on the same network as one of the endpoints.
A much simpler way is to go to the rack room or co-location with a telephone and crocodile clips and connect to the circuit when it changes back to TDM – The old ways are sometimes still the best ways!
If you have any particular concerns I’d be happy to comment.
Hope this helps