You should hash the password in your application, not in you database. This means that:
- Browser to application -> password is send in plain text protected by ssl
- application to database -> password is allways hashed
Now you have no problem with someone running a profiler, because the passwords are hashed. Besides that if someone can run a profiler, he can probably do much more damage then reading the passwords...