1. No. RouterOS user passwords are not stored in plain text, but anything can be decrypted with enough effort. We will now make this much harder to do.
2. Even if your device has other firewalls, but you have Management access open to the world, yes this still means unprotected.