base64 is not encryption. It's encoding. (see e.g. difference between encoding and encryption) Decoding encoded data is trivial. As such, it isn't safe to use alone in cases which demand encryption, such as exchanging of private data. base64 is pretty easy to recognize by sight, so if someone gets their hands on your HTTP packet, they just got your password.
If you use encryption with an algorithm that isn't broken, and the attacker doesn't know your private key - you're good. In that case knowledge of what algorithm you used doesn't help the attacker much. See e.g. encryption for more details.
Using SSL should be enough. See e.g. how secure is SSL. No need to encrypt same thing twice.
DevExtreme is a HTML5/JS framework, so you should look for materials talking about securing such things as AJAX, etc. Depends also on what you use server-side. I guess it all boils down to securing vulnerable data transmission, and your server-side app, whatever you use there. Can't help you much with this one.
One more thing: as I wrote in pt. 4, DevExtreme is a HTML/JS framework. As soon as anyone downloads your app, they already have the code, as DevExtreme apps aren't compiled as such- They're just web apps, so the only thing your users don't have access to is your server-side code.