The passing of the password for access to the database is protected natively by MySQL. This means you do not have to worry about the password being seen in clear text while it is transferred between a host and the MySQL server. However, please note that the transfer of database data between the host where your script runs and the MySQL server will be in clear text, unless you use stunnel (SSL tunneling connection).
If you are using the Stanford CGI service then you can choose to use stunnel to access your databases, because IT Services runs a stunnel between the CGI and MySQL servers. The resulting HTML data will not be encrypted, but the passing of the database values will be.
The MySQL servers are not behind a firewall. Although the user name and password are encrypted during the authentication, data connections are passed unencrypted. Using stunnel adds data encryption when data is transferred between the server and the client.