If you check with black hats, you will noticed that there are two tactics that they use approximately never:
- network packet sniffing, and
- break-ins to email
What they're saying by this is that passwords sent in the clear are not an interesting target.
Just trying to bring this conversation back down to earth.