Passwords should never be transmitted over the network in the clear;
Exposure of sensitive information (like passwords) should be limited.
Note that shared password systems fail to meet the second criteria.
