There are many clear-text protocols still in use today. Telnet is still alive and well. FTP and POP email both use clear-text protocols. Creating a server to emulate any of these services is trivial. Combining that and some DNS spoofing can cause normal traffic to come to your fake servers where the usernames and passwords can be obtained.