A simple bind request, like the one you're using, does not do anything to protect the password. In order to ensure that it's not exposed to anyone who might be able to observe the communication between the client and the server, you should protect that communication with something like SSL or StartTLS.
There are other authentication mechanisms (like the DIGEST-MD5 SASL mechanism, which I believe that Active Directory supports) that do protect the password even over an unencrypted connection. Unfortunately, it's not easy to use those authentication mechanisms on Android because the Android API doesn't include the necessary SASL support.