I would agree with thehorse13. Similar to an employer having a right to view any emails on their server the ISP owns the wires and hardware you are using. They have the right to monitor if they so choose.

The issue of a company having access to your information is an issue, or at least a potential issue at a number of service providers. Your electric company, gas company, phone company, cell phone company, your employer's HR department, your ISP, etc- they all have key personal information about you. You provide information to them so that they can verify your identity and authenticate you when you contact them, but you are also trusting that the people who work there have scruples enough not to steal this information.

The people who have access to this sort of information generally know your name, birth date, home address, home phone number, and social security number- or at least the last 4. Armed with this information it would be a breeze to steal your identity.

I think the more important issue is trust. Do you trust that your ISP will monitor and log only necessary information and securely archive any such logs? Or, are you afraid that you can't trust the people who work at the ISP to not abuse their power or authority and somehow hack you or steal your identity, etc?

There is an emerging standard from the World Wide Web Consortium called P3P (Platform for Privacy Preferences Project) which would allow users to install agents to customize what and how they want their private information handled by P3P compliant sites. Sites that implement P3P agree to abide by your wishes. However, it is still a matter of trust- you trust that the P3P site will honor its word.

I can see where your ISP would know your password possibly for THEIR site or access to their services, and I can see why they might be monitoring general sorts of information about what IP addresses you visited, etc. I don't think they should be examining packets down to the level of capturing your passwords for 3rd party sites and even if they wanted to hopefully those passwords are encrypted somehow. If the passwords are being sent in plain text you have probably more to worry about from all of the other sniffers on the network than you do from your ISP.