[...] I think with .htaccess authentication the password is transmitted encrypted? But if the password is weak, the sniffer can easily do a brute force attack at home...
It depends on the authentication scheme used--Basic authentication just sends the username and password encoded in base64, and is basically as bad as plaintext auth. If the server uses digest authentication, however, you're correct.
-Brendan
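The difference between the two schemes discussed above, as an added example that is not part of the original thread: it builds and reverses a Basic header, then computes a Digest response as defined in RFC 2617. The function names are this example's own, and the sample credentials are the ones used in RFC 2617's examples.

```python
import base64
import hashlib


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def basic_header(user: str, password: str) -> str:
    """Basic: base64 of 'user:password'. Encoding, not encryption."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def decode_basic(header: str) -> tuple:
    """Anyone who sees the header can reverse it; no key is involved."""
    scheme, token = header.split(" ", 1)
    if scheme != "Basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


def digest_response(user, realm, password, method, uri, nonce,
                    nc=None, cnonce=None, qop=None) -> str:
    """Digest (RFC 2617): only an MD5 over password-derived values is sent."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    if qop:  # qop=auth also mixes in the nonce count and client nonce
        return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def response_matches(password: str, seen: dict) -> bool:
    """Server-side check. Every input except the password travels in the
    clear, so the strength of the scheme rests on the password itself."""
    expected = digest_response(seen["user"], seen["realm"], password,
                               seen["method"], seen["uri"], seen["nonce"],
                               seen["nc"], seen["cnonce"], seen["qop"])
    return expected == seen["response"]


# Sample exchange using the values from RFC 2617's Digest example.
SAMPLE = {
    "user": "Mufasa", "realm": "testrealm@host.com", "method": "GET",
    "uri": "/dir/index.html", "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "nc": "00000001", "cnonce": "0a4f113b", "qop": "auth",
    "response": "6629fae49393a05397450978507c4ef1",
}
```

With Basic the password is recovered directly from the header; with Digest it never appears on the wire, but its quality still matters, which is the point raised in the quoted question. Either scheme is best run over TLS.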