This is because vDiplomacy doesn't use HTTPS, and the latest versions of Chrome and Firefox warn users not to enter important information through standard HTTP. However, since Oli is not really around anymore, the site is unlikely to get a HTTPS certificate anytime soon.
I don't know much about the inner workings of the site, but I know that the database itself is encrypted extremely effectively (Kestas, the creator of the original PHPDiplomacy software, is a professional web developer). I'm not sure if passwords being sent in during login are encrypted prior to transmission, though.
This should be common knowledge, but try not to use the same password on multiple sites. At the end of the day if your vDip password is compromised in some way, we can help you get your account back (usually using your email as verification, so make sure your email account is one you have access to) and change your password. If you've used the same password on gmail, facebook, or other sites, and the perpetrator uses it to gain access to your accounts there, we can't help with that.
This is just in case. It's possible that passwords are encrypted prior to being transmitted, and it's also incredibly unlikely that someone both targets vDip and manages to intercept password info - but the above should be standard practice anyway. Never use the same password across multiple sites (important sites, at the very least).