Victor,

If you are using forms authentication the values (username and password) as passed as clear text over the wire.

Here are some articles:

http://www.researchmag.com/siteserver/Docs/ss_security_yrke.htm
http://builder.com.com/5100-6373-1052976-3.html (second paragraph)


If you take a look at the login page of yahoo, you will see that the password is encrypted client-side before being passed over the wire. HTTP does not encrypt any data over the wire, unless you are using SSL.