SMTP AUTH LOGIN question

[Frank Barton <pauling () starwolf biz>]

I have seen many places saying "Don't use PLAIN or LOGIN methods for SMTP AUTH, unless they are encrypted" Now my 
question is this:
I've looked at the actual transfer of an SMTP session where the AUTH LOGIN was used, and the password wasn't sent in 
plain-text. Is it trivial to decrypt the 
username and password that is sent across the wire, or is there some other vulnerability?
-- 
Frank Barton
Starwolf.biz Systems Administrator

Attachment: _bin
Description: