No matter what the client, whether it be a PowerShell script or the native Active Roles Server MMC Console, authentication credentials will always be passed in an encrypted form.
All RPC/DCOM traffic between the Active Roles Server to and from the MMC Console, Web Interface, and/or ADSI Provider is encrypted.
When the Administration Service resets a password on an Active Directory object, that password is always encrypted.
Encryption of non-password data depends on system configuration (such as Group Policy settings) on the machine hosting the Active Roles Server service. To force encryption for all LDAP traffic, it is possible to configure Administration Service to use LDAP SSL for managed domains.
Microsoft offers several resources, such as: LDAP over SSL (LDAPS) Certificate
For more information contact Microsoft.