in reply to Did Perlmonks Ever Salt and Hash Their Password Database?

Corion and LanX have good explanations.

But have you ever noticed that it's not an HTTPS connection? That means that when you type your password in and hit LOGIN, your password is sent unencrypted across the net. No matter how securely the password is stored on the server, it's a trivial matter for the black hat to intercept your password on its way there.

A recommendation: always pay attention to whether a site uses HTTPS or not; never, NEVER, NEVER reuse a password on a non-HTTPS site that you've used anywhere else.

A further recommendation: never reuse a password. Period. Almost never use a password that's possible to remember. Use a password manager to store all your passwords. The one password you need to be able to remember: the one to get into your password manager; make it something you'll never forget, you'll never use anywhere else, and very secure.
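As an added illustration of the point made above (not code from the original post, and not PerlMonks' own login code): a passive observer on the path does not need to break anything to read a password sent over plain HTTP; the form body is just text in the TCP stream. The raw request below is constructed for the example; the host, path, field names and values are invented, and the list of "password-looking" field names is an assumed heuristic. The second function is the post's recommendation turned into a check a client can make before submitting credentials.

```python
"""Added example, not code from the PerlMonks thread: what a passive observer
on the path sees when a login form is submitted over plain HTTP, and a
client-side guard that refuses to send a password to a non-HTTPS URL."""
from urllib.parse import parse_qs, urlsplit

# Field names that login forms commonly use for the secret (assumed heuristic).
PASSWORD_FIELD_NAMES = {"passwd", "password", "pass", "pwd", "op_pass"}

# Constructed sample capture: one HTTP/1.1 POST as it travels in the clear
# over port 80. Host, path, field names and values are invented.
CAPTURED_LOGIN_REQUEST = (
    b"POST /?node_id=109 HTTP/1.1\r\n"
    b"Host: www.example.invalid\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 44\r\n"
    b"\r\n"
    b"user=anonymonk&passwd=correct+horse&op=login"
)


def parse_http_request(raw):
    """Split a raw HTTP request into (method, target, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Honour Content-Length so trailing bytes of a pipelined request are ignored.
    length = int(headers.get("content-length", len(body)))
    return method, target, headers, body[:length]


def sniff_credentials(raw):
    """Return what a bystander recovers from a plaintext form login.

    Gives a dict with host, path, the 'user' field and every field whose
    name looks like a password; an empty dict if the request is not a
    URL-encoded form POST or carries no password-like field.
    """
    method, target, headers, body = parse_http_request(raw)
    if method != "POST":
        return {}
    content_type = headers.get("content-type", "")
    if not content_type.startswith("application/x-www-form-urlencoded"):
        return {}
    fields = parse_qs(body.decode("utf-8"), keep_blank_values=True)
    secrets = {
        name: values[0]
        for name, values in fields.items()
        if name.lower() in PASSWORD_FIELD_NAMES
    }
    if not secrets:
        return {}
    return {
        "host": headers.get("host", ""),
        "path": target,
        "user": fields.get("user", [""])[0],
        "secrets": secrets,
    }


def credential_submission_allowed(url):
    """The post's recommendation as a check: a password may only be sent to
    an https:// URL. Only the scheme is inspected; nothing else about the
    URL (certificate, host) is verified here."""
    return urlsplit(url).scheme.lower() == "https"


if __name__ == "__main__":
    print(sniff_credentials(CAPTURED_LOGIN_REQUEST))
    for url in ("http://www.example.invalid/?node_id=109",
                "https://www.example.invalid/?node_id=109"):
        verdict = "ok" if credential_submission_allowed(url) else "REFUSE"
        print(url, "->", verdict)
```

Running it prints the recovered username and password straight out of the captured bytes; no key, no brute force, just string parsing. Whether the observer is a roommate on the LAN, a coffee-shop access point, or an upstream network does not change what the bytes look like, only who is positioned to read them.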


Re^2: Did Perlmonks Ever Salt and Hash Their Password Database?
by trippledubs (Deacon) on Aug 17, 2016 at 13:36 UTC
    If it is so easy: please log in as me and post something awesome. I give you permission.

      Maybe "trivial" was too strong of a word. And I'm not a black hat, so I don't have the right skill set. But from what I've read, and heard from security-conscious individuals, it can be easier to intercept the plaintext password en route than to hack the server and get the passwords that way.

        Many security practices are boiled down and imposed by people that are not fully aware of the impracticality of the supposed exploit, especially in a specific environment, or of the resources required to mitigate it. I'm sure that the admins here at the time were displeased, but the response is a great study in how to respond to a breach correctly. Measured responses to difficult problems. This is a monastery, not a security fan club. From what I understand, the decision to encrypt the db was investigated, discussed, and dismissed. And revisiting the issue every so often is probably not a bad idea, just because it starts making people think about security. But tunnel vision towards one specific problem / solution is not really helpful.

        I like Linus's view (Linus Interview - Washington Post):

        :) intercepting unencrypted traffic is trivial, but first you have to be on the same local network

        so my roommate can intercept my lan traffic

        yeah, so what, he can just as easily walk into my room

        doing that from the other end of the internet is not trivial

Re^2: Did Perlmonks Ever Salt and Hash Their Password Database?
by $h4X4_|=73}{ (Monk) on Aug 18, 2016 at 09:11 UTC

    A recommendation: always pay attention to whether a site uses HTTPS or not; never, NEVER, NEVER reuse a password on a non-HTTPS site that you've used anywhere else.
    Even HTTPS can be cracked in thirty seconds.

      > HTTPS can be cracked in thirty seconds

      Care to share the sources?

      ($q=q:Sq=~/;[c](.)(.)/;chr(-||-|5+lengthSq)`"S|oS2"`map{chr |+ord }map{substrSq`S_+|`|}3E|-|`7**2-3:)=~y+S|`+$1,++print+eval$q,q,a,

      Perhaps, but cracking SSL is significantly more complex than simply sniffing a wire for plaintext, or performing a MitM attack on a non-HTTPS connection.