In short, yes the username/password could be sniffed. Here is a good resource if you haven't already read it:
http://dev.mysql.com/doc/refman/5.0/en/security-guidelines.html
I'm not sure how your application is designed but in most cases the MySQL database is never Internet facing. In other words when you connect to MySQL from within your application it is only done from within your Intranet (local network). Sniffing is usually not a concern inside your local network because you should be taking steps to secure anyone from getting inside of it (firewalls, vpns, rouge network scanners, etc). Basically if someone maliciously gets inside your network... you're going to have bigger problems than them sniffing local packets.
However if you have to have the database Internet facing, or are overly cautious, you have really two options:
1) Use MySQL over SSL (MySQL versions 4/higher support this). Good luck getting this going though, I've been unsuccessful myself.
2) Use a secure tunnel (i.e. IPSec). Here you create an SSH tunnel (secure SSH is pretty easy to configure) and forward such tunnel to your MySQL port. This is a little complicated when doing it within an application however.