That is really no different than sending your creds in plaintext. If all the server needs is the hashed creds than it's just as easy to intercept the hashed creds and replay them as it is to intercept the creds and replay them.