what data transmission with tor is a security risk ?

[Arichy]

- plain text pop3
- telnet

ok.

Is it save to surf with tor and enter login username and passwort for
the website, if the form is in https ? If it's not https, is it unsafe?

What other types of data transmission of login/passwort
combination is sniffable ? (i know, every unencrypted, please
give tricky examples, if there are)

I think with .htaccess authentication the passwort is transmitted
encrypted? But if the Password is weak, the sniffer can easily do an
brute force attack at home...