Report Offensive Message

Many users don't dig deep enough to know that. They trust that whoever created the program/protocol must've known what they were doing. They see it is configured to use a password, and don't stop to think how it is sending/storing that password (or the data the password is supposedly protecting).