In the Users table the password is visible and not encrypted in any way.

Is this a problem?

Since I am not the administrator of our SQL Server can't administrators look at these tables and see those passwords?

This application is for a Purchasing system and Internal Auditing would have a fit about this.

Should I be developing a method to encrypt those passwords so no one can see them?

Thanks.