Cisco access points can send WEP keys in the clear, but not by default: A security flaw means that if an administrator enables a very specific SNMP monitoring option, an access point can send WEP keys across unencrypted links. However, because this must be enabled, and because it doesn't affect dynamic WEP, it's not a big deal.