The credentials are passing over cleartext channels when you are authenticating to coh2.org. Somebody could sniff these out IF they had a method of listening in on the communication channel.
Listening is trivial.
Having access to listen can be more difficult, but still isn't even that hard depending on the type of wireless/network security being employed.
The worst-case scenario as I can see it would be someone getting to listen in on the incoming connections to coh2.org's server. I don't know anything about their server other than a few small things I've discovered on my own (IP address, some open ports, OS version, etc). I purposely did not poke around any more because I wasn't, and don't want, to attack coh2.org... so I don't know how easy/hard it would be for an outsider to get access to the server. (Would be a fun/interesting pen test if I had some sort of written/signed consent from Ami though! Otherwise I'm not touching it any more than I have.)
All in all, as Inverse said, it isn't a high risk vulnerability (in this case). In all likelihood someone would have to specifically target your home network in order to exploit it at all - and even that can be entirely mitigated by simply using a different password for coh2.org than you use anywhere else. Even if someone got access to your coh2.org account... what are they gonna do? Troll the forums I guess? And probably try your password on other sites - like your bank account/email/paypal/amazon/etc which is why you should use a different password.
As far as Das points out with the piece of paper. In terms of storing your password, yes that's technically the most safe since someone would have to break into your house to retrieve it. But with the way passwords are passed along the internet you still want a good password. Even if your password is written down, if I see: dc647eb65e6711e155375218212b3964 come up as an MD5 hash anywhere, I can crack it in a matter of seconds and find out that your password is: "Password"
As compared to something like this: 316d314d194256c3a5c7c591d51cf6e0 which probably won't get cracked ever. Well... I say that but it is an MD5 hash and MD5 kinda sucks in today's day and age. So yeah, it's still probably crackable, but a lot harder.
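
Added example, not part of the original post: a Python sketch of why the first hash above falls in seconds (unsalted MD5 is deterministic, so a precomputed table of common passwords matches it), set beside salted, slow storage with PBKDF2 as the server-side mitigation. The wordlist, function names and iteration count are assumptions made for this illustration; nothing here describes how coh2.org actually stores passwords.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist; real common-password lists hold millions of entries.
WORDLIST = ["123456", "password", "Password", "letmein", "qwerty"]


def md5_hex(password: str) -> str:
    return hashlib.md5(password.encode()).hexdigest()


# Unsalted MD5 always maps a password to the same digest, so one
# precomputed table can be checked against every hash that leaks.
MD5_TABLE = {md5_hex(word): word for word in WORDLIST}


def lookup(md5_hash: str):
    """Return the wordlist entry that produces this hash, or None."""
    return MD5_TABLE.get(md5_hash.lower())


def store_password(password: str, iterations: int = 600_000):
    """Mitigation: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_password(password: str, salt: bytes, iterations: int, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


if __name__ == "__main__":
    # The two hashes quoted in the post above.
    print(lookup("dc647eb65e6711e155375218212b3964"))
    print(lookup("316d314d194256c3a5c7c591d51cf6e0"))
    first = store_password("Password")
    second = store_password("Password")
    # Same password, different stored digests: a precomputed table no longer applies.
    print(first[2] != second[2], verify_password("Password", *first))
```

Even with salted storage a common password can still be guessed one account at a time, so the choice of password continues to matter.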