Web Clients and Passwords (SparkWeb, JWChat, JSJaC)

Folks,

When a user logs in thru one of the web clients using the non-ssl ports (5222, or 7070), is the password sent over the wire in plain text form? Wanted to know in case this is a security concern. Is the standard solution to use an SSL connection instead?

Thanks,

BEA