[Zope] owner/manager/root login protection

[Jake Latham]

Hi All -

Been lurking on the list for a while, first post.

My question is this:  I'd like to have some sort of protection in the for
the 'top' level accounts that could really munge up the site (we're using
Plone over Zope) if somebody got ahold of them.  I know the passwords are
stored encrypted, but for all I've been able to find, they're still
transmitted in plain text, correct?

So, we had two ideas:  First, is it possible to limit access of certain
accounts based on an IP address?  We should only ever be logging in as
admins from our internal machines, so any external non-us IP would be
automatically rejected.

Second, we had thought about setting up Zope & Apache to use SSL, but that
seemed like a bit of overkill for a relatively simple desire.

Should I just go the SSL route, or is there a more obvious solution we're
overlooking to protecting our more privileged accounts?

Thanks,

-Jake