I don't think you will ever see a password "in clear", through a Telnet server, as they don't have a password function per see, but rather piggy back on the box's password function. Furthermore, I don't think passwords would be stored "in clear" on the box, just for the reason so they could not be seen "in clear", if someone dumps or has access to the router's RAM.
dear oh dear.
Telnet is a
plaintext network protocol.
Thus all you require is the ability to snoop on the network. Snooping on a wireless network is even easier than a wired network because you've no longer got the physical constraints to bypass, only logical constraints. And in the case of Mr Optimistic even those have been removed :
I can use an open network
You should also have a read up on brute-force attacks whilst you're at it.