I am not suggesting that synergy actively did something to send my passwords to a master server or anything.

I am concerned that there is no authentication, and the data sent is not encrypted. This provides a hole for other people to connect to the synergy server, or snoop the data on my network.