Passwords in plaintext?
Burp Suite in proxy mode is able to decrypt HTTPS traffic of any systems which trust it. It does this by generating an own certificate and use this cert to register itself as a certificate authority on the system it is installed on. When it then proxies a request to a HTTPS webserver, it does the HTTPS handshake itself, decrypts the traffic, issues a certificate for the webserver signed by itself as a certificate authority, uses that certificate to re-encrypt the traffic and send both the forged certificate and the re-encrypted data to the client.
This allows Burp Suite to eavesdrop on HTTPS traffic. A user which uses a normal proxy server or doesn't trust the Burp Suite pseudo-CA would not have their credentials compromised.