Of course you can capture a handshake and try and bruteforce the password. But as long as said password is long enough, and even with GPU-assisted cracking, you'll die before you even go through a thousandth of the possibility space.
Security doesn't have to be perfect - if it turns out eventually that hardware advances or a flaw in the implementation makes an attack even remotely feasible, then you'll surely be able to update the heart's firmware or even, worst case scenario, to replace it. For the time being, it's good enough. And even if an attack is possible (jamming seems certainly possible, for example, and would prevent adjusting the heart rate for the duration), the device should never obey any command that may put the user at risk - IE, never go below a certain rate.
Meanwhile, the people this device is implanted in wouldn't even be alive without it. And shit, we're talking about a completely artificial heart, currently being implanted in humans, the first one of which allowed its wearer to last for 76 days (an impressive success by all accounts). This is the stuff of science fiction. The WIFI aspect hardly seems relevant compared to this - and yet 90% of the comments seem to focus on that. How depressing.