Wednesday, May 20, 2015

Bad Practice

I was surprised when I saw this one in some logs today. The smart phone application Parlor exposes your username and password in the HTTP URI through its API, plain as day. These are what we like to call "easy wins": they require no effort to find in standard event logs and no digging through the frames of PCAP files, because web servers, proxies and CDNs write the full request URI, query string included, to their access logs by default. Here is a screencap of the HTTP field:

Be careful when signing up for some of these applications on your smart phone; you never know what is exposed. Credentials belong in the request body or in an Authorization header, never in the URI: even when the connection uses TLS, the URI still ends up in server and proxy logs, browser history and Referer headers, so anyone who can read those logs can read the password.
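The kind of "easy win" described above can be hunted for mechanically. The following is an added example, not the post author's code and not anything to do with Parlor's real API: it scans Combined Log Format access-log lines for credentials carried in the request URI, both as query parameters and as RFC 3986 userinfo (`http://user:pass@host/`). The log lines, hostname, paths and parameter names are constructed for illustration; the sets of "sensitive" parameter names are an assumption you would tune to your environment.

```python
"""Scan web-server / proxy access log lines for credentials passed in the URI.

Added example for this post; not the post author's code and not Parlor's API.
Hostnames, paths, parameter lists and log lines are constructed for illustration.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Query-string keys that commonly carry secrets (assumption: extend per environment).
SENSITIVE_KEYS = {"password", "passwd", "pwd", "pass", "secret", "token", "api_key", "apikey"}
# Keys that identify the account; reported alongside a secret but not alerted on alone.
USER_KEYS = {"user", "username", "login", "email"}

# Combined Log Format: ip ident user [date] "METHOD /path?query HTTP/1.x" status size ...
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample log; the third line is the absolute-URI form a forward proxy logs.
SAMPLE_LOG = [
    '10.0.0.5 - - [20/May/2015:14:02:11 -0400] "GET /api/v1/login?username=alice&password=Sup3rSecret HTTP/1.1" 200 512',
    '10.0.0.5 - - [20/May/2015:14:02:12 -0400] "GET /api/v1/feed?page=2 HTTP/1.1" 200 8192',
    '10.0.0.9 - - [20/May/2015:14:05:40 -0400] "GET http://bob:hunter2@api.example.net/api/v1/me HTTP/1.1" 200 300',
    '10.0.0.7 - - [20/May/2015:14:07:03 -0400] "POST /api/v1/login HTTP/1.1" 200 512',
]


def find_credentials_in_uri(uri):
    """Return a dict of credential-bearing fields found in a request URI, or {} if clean.

    Secret values are redacted to asterisks of the same length so the scanner
    never copies the password into a second log.
    """
    parts = urlsplit(uri)
    found = {}
    # 1) userinfo component of an absolute URI: http://user:pass@host/...
    if parts.username or parts.password:
        found["userinfo"] = f"{parts.username or ''}:{'*' * len(parts.password or '')}"
    # 2) query-string parameters
    for key, values in parse_qs(parts.query, keep_blank_values=True).items():
        lowered = key.lower()
        if lowered in SENSITIVE_KEYS:
            found[key] = "*" * len(values[0])
        elif lowered in USER_KEYS:
            found[key] = values[0]
    return found


def _has_secret(findings):
    """True when the findings contain an actual secret, not just an account name."""
    return any(k == "userinfo" or k.lower() in SENSITIVE_KEYS for k in findings)


def scan_log(lines):
    """Yield (ip, timestamp, method, path, findings) for each line whose URI leaks a secret."""
    for line in lines:
        m = CLF_RE.match(line)
        if not m:
            continue  # not CLF; skip rather than guess
        findings = find_credentials_in_uri(m["uri"])
        if _has_secret(findings):
            yield (m["ip"], m["ts"], m["method"], urlsplit(m["uri"]).path, findings)


if __name__ == "__main__":
    for ip, ts, method, path, findings in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} {method} {path} -> {findings}")
```

A `POST /api/v1/login` with the credentials in the body (last sample line) produces no hit, which is the behaviour you want the application to have; a bare `username=` without a secret is recorded in the findings but does not raise an alert on its own. Run the same function over an export from your proxy or web server and any hit is a client application worth a closer look.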

