Hello Austin,
On Sun, 2011-01-09 at 14:06 +0530, Austin Einter wrote:
By checking few packets content I could figure out the user name and password in plain text.
This is an issue with *any* web application that connects over http. If this is a concern you should set up your webserver to use SSL (https) for such connections.
That said, personally I feel users choosing poor passwords is a much greater concern than someone being able to sniff those passwords on the internet. For the average bad guy sniffing traffic on the internet requires much more effort than running a script that brute forces (weak) passwords.
You might want to look into the User Protect module. You can use this module to block users from changing their passwords.
Regards, Leonard.