Hacker News

I stopped reading after the first page. It is obvious that this article goes over the top. "Reading your data by observing the flashing red LED on your network switch," nonsensical.


You can extract several bits of entropy per typed character from network traffic timing information. That's plenty to bring an exhaustive password-guessing attack down into the feasible range, if you have some way to know when a particular person is typing a particular password.

As a crude countermeasure, I leave about a second between adjacent characters in a password when I am typing the password over a network.


Hmm, go and read chapter five of lcamtuf's book "Silence on the Wire," part of which is incidentally available as a book sample:

http://www.nostarch.com/download/silence_ch05.pdf

wherein he gives this scenario a fair analysis (discussing signal encoding schemes, timing, and a DIY kit).


People have done papers on traffic-analysis breaks of secure protocols based on keystroke timing...


Wait till you see their demo: http://www.youtube.com/watch?v=KUFkb0d1kbU


Reading data leaked via traffic LEDs was documented years ago at speeds up to 56kbps, with the expectation it would work at least up to 10Mbps; see this 2002 paper:

http://applied-math.org/optical_tempest.pdf



