Hmmm. Looking at the protocol spec, it appears to be a (single) DES challenge-response thing, so you're right. That should be reasonably secure. Maybe it was something else I was thinking about, but I could have sworn it was related to the password. Maybe how it's stored on the server? Of course, that's irrelevant to network snooping.