I have a set of variables which i am sending to a second script via the POST method, my question is, can this data be extracted by a hacker somehow?

For example, i'm sending the user's password via a post command to another script, i'm guessing the most a hacker can do is find out his own personal password from the script posting the data to another script, but he couldn't find another person's password... ?

Also another general about php scripts, these scripts themselves can't be downloaded from a server to view the content is that correct ? The reason is the script itself contains some sensitive information

All trafic that goes over a network connection can be 'extracted' by a hacker, using ssh is only way to secure this.

>Also another general about php scripts, these scripts themselves can't be downloaded from a server to view the content is that correct ?

As long as your server settings stays intact then you can't download php files, however I usually put my files containing sensitive information outside of the web root.