You wouldn't write your username and passwords on a postcard and mail it for the world to see, so why are you doing it online? Every time you log in to Twitter, Facebook or any other service that uses a plain HTTP connection that's essentially what you're doing.
There is a better way, the secure version of HTTP — HTTPS. But if HTTPS is more secure, why doesn't the entire Web use it? Web security got a shot in the arm last year when the FireSheep network sniffing tool made it easy for anyone to detect your login info over insecure networks. That prompted a number of large sites to begin offering encrypted versions of their services via HTTPS connections.
ARS Technica: http://arstechnica.com/web/news/2011/03/https-is-more-secure-so-why-isnt-the-web-using-it.ars"