Hello, two quick answers...
First of all, even if the guy could see it in his browser (have you tried it

he already knows what it is because he just typed it.
Second, if someone else wanted to sniff the wireless network he can and would get the info any way having the correct tools and experience to use them. On an unencrypted open public network this is just something you have to live with.
To summarize - we are very pleased with the solution we have built and implemented. It works for us. I am sharing info with this thread because I can - I gain lots of info from all the other people so its good to give back when possible, everybody wins. If what I do doesn't work for you or you want to test further to see how safe you deem it then go for it. Everything takes lots of time - that is our enemy

Its not worth my time to sniff anything to try and save $5... or $50 for that matter. Have better things to do...
Scott
Hi Scott,
Don't get me wrong I am very grateful for this information.
At one stage we were using a different system to Mikrotik and the username and passwords were being sent via wireless in clear text - ie not SSL
At this stage we thought...well what are the chances of someone doing that...very slim to none.
Until one day we had serveral users ringing up saying..."hey it says I am logged in and I am defintely not."
and
"all my data has gone and I most defintely did not download that much and it says that someone with a mac address XX:XX:XX which is not mine has downloaded it.
At that point we were a little concerned and found out that there were 2 people sniffing our network for usernames and passwords.
After moving to the mikrotik system and using there default login page...in particular this line of code
document.sendin.password.value = hexMD5('$(chap-id)' + document.login.password.value + '$(chap-challenge)');
alot of our problems went away.
Only down side with this is that if you want to make any changes, you have to make it to all sites. Can be very time consuming especially if you have over 100 sites.
Scripting with FTP can help ease this process though.
Good to talk to someone experiencing the same issues as me
Cheers