it is possible to configure the plugin to use authentication but it does not warn you if you do not also use SSL or TLS.

Without TLS/SSL the entered credentials can be transmitted in plain text on the network.

When using authentication then the plugin should provide a warning if not using TLS/SSL.