There is a security vulnerability in the WordPress-Plugin Active Directory Integration. If set “Use TLS” to on as recommended, the communication between the blog server and the Active Directory was still unencrypted.  This is fixed in version 0.9.7. Thanks to Jim Carrier for the bug report. Download 0.9.7 or use the automatic update.