I'm confused about the message, whether plaintext passwords are okay or not.

Then I will be more clear: plaintext passwords are NEVER acceptable across the open Internet.

(And some embedded devices have "SSL" that is little better than plaintext anyway — if the RNG has only a 32-bit state variable, then 32 bits is probably the effective strength of the session key!)