This week's book giveaway is in the Cloud/Virtualization forum. We're giving away four copies of Learning OpenStack Networking: Build a solid foundation in virtual networking technologies for OpenStack-based clouds and have James Denton on-line! See this thread for details.
Yes, form-based auth is in clear text, because to the browser it's just a regular form submission - it has no idea that it's user credentials. Of course, a base64-encoded password is only marginally harder to recover than a plain text one.