Most programs do not send passwords between a client and server without hashing them yes? If you have a man-in-the-middle who does not know the algorithm for hashing this provides some security yes?