In the auth protocol that TBN uses passwords are sent across the network hashed using the MD5 algorithm. That algorithm is deprecated because it's too easy to brute force. Session IDs, cookies, etc do not even have that very trivial protection. Those are what's used for authentication on TBN most of the time (when you click "remember me" on login). You should never use the same password for a site with weak security like TBN as you use for any account that you value. Really you should not re-use the same passwords for any site. Your TBN password should be a good random password, which means you'll need a password manager to remember it for you. There's free ones. TBN should use https (all sites should) but as I follow those security practices and I assume the world will see everything I post here, I'm not too exercised about them not using it.
(A hash is not encryption, though it's a cryptographic algorithm. It's a one way function- its not feasible to calculate the input to the hash when you only know the output. The problem with MD5 is that on modern computers it is so fast that it is feasible to hash a dictionary of likely input values, such as passwords, until you find an output that matches. This is called a "brute force" attack. There's a number of programs out there that have optimized hash routines specifically for doing brute force attacks on password hashes and can check hundreds of thousands per second on a reasonably fast CPU... much more on a commonly available GPU. Sorry for the nerdsplain but cryptography is what I do).