Python smtplib security -

i experimenting email python script , wondering if when writing python-based email script is less secure opposed when credentials send on internet when logging web page? in following script, user , pass in clear?

import smtplib email.mime.text import mimetext  gmail_login = 'xxxxxx@gmail.com' gmail_password = 'amiexposed?'  def send_email(subject, message, from_addr=gmail_login, to_addr=gmail_login):     msg = mimetext(message)     msg['subject'] = 'test message'     msg['from'] = from_addr     msg['to'] = to_addr      server = smtplib.smtp('smtp.gmail.com',587)     server.ehlo()     server.starttls()     server.ehlo()     server.login(gmail_login,gmail_password)     server.sendmail(from_addr, to_addr, msg.as_string())     server.close()  if __name__ == '__main__':     send_email('testing email script', 'this test message') 

that entirely depend how tls connection set up. if requiring valid certificates (i believe if certificate not trusted encountered, starttls method throw exception (i'm not sure you should verify this)). considering setting tls, , sending on tls connection, should encrypted. means neither password, username or message , addressees sent in plain text.

so no, username , password not send clear.