Is the connection from PHP to a different MySQL server 100% secure?

I tried to find this information but was not able to.

How is working the connection from PHP to MySQL server. As the password is sored plain, is it also sent plain to MySQL if it is stored on a different server? Is there any way for a "man-in-the-middle" to intercept the password?

Thanks in advance,
Sébastien

AFAIK, you are correct that the connection between PHP and MySQL is NOT encrypted and presents a security risk particularly if the web server and MySQL server are different servers.

In the past, I had a setup with one central MySQL server and several web servers using PHP and other languages to talk to the MySQL database. I secured it using SSH tunnels between the servers that remained active at all times. On the web server, I used all the same commands to talk to MySQL (PHP and the mysql command line client) and just specified a port of 3307 instead of the default 3306. Port 3307 was forwarded through an SSH tunnel to the MySQL server's port 3306.

This setup also included a backup MySQL server, which did MySQL replication between the two MySQL servers (different machines) using a SSH tunnel.

While I didn't do any extensive testing on this setup, it seemed to work well with no noticeable degradation in performance. On a few rare occasions, the SSH tunnel would drop and I would manually have to reconnect it, but this was very rare.

My documentation for setting up the SSH tunnels is on GitHub.