You can use forms (with post) rather than links (although anyone listening on your network can still see the password.) Or you can encrypt the password with DES or something (although the encrypted password would still be visible -- presumably it's harder to shoulder surf a long random string, though.)

Personally, I'd look for ways to not pass the password around from page to page. Usually this means setting a session-based cookie or session id. This means even if someone captures the session id, once the (verified) user logs off (or the session expires), the stolen id is useless.