Are SQL Server userid's and passwords passed in clear on the network?
If you use multi-protocol net-lib with encryption then SQL standard security userids/passwords are encrypted along with the data.
When using an NT userid/trusted connection then passwords are not passed at all - the sids are used as in all NT credential checks.
If you are using SQL 7.0 client drivers talking to a 7.0 server then the SQL standard security userid/password is encrypted regardless of net-lib.
In any other case then the SQL standard security userid/password is sent in clear.
Windows Privacy Tools - http//www.privacywindows.com