As long as you use https for your Jenkins there should be no risk that username/password are leaked. If you run without https then anyone that is able to read the network traffic can find out the password.
Jenkins behaves here no different than other sites that ask for username and password.