The SMTP Authentication password appears in plain text in the settings. Is the password then transmitted in a "public" way? i.e. if the site is used over http instead of https, is there a realistic possibility that without too much difficulty the password could be seen by anyone using my contact form? Or would they only be able to do so if they had compromised my system or my network etc in the first place? What I'm getting at is, could Joe Public see this password just by visiting my website?