Needed to be guided trought SSH Tunnel with a delphi Application

I created a Delphi 2010 application. It is use by many company in the region from trusted to untrusted users. The application authenticate users with MySQL behind MD5 encrypted password. Following this, the application need to upload and download many files trought ftp.

The fact is : any network sniffer (such as Ethereal also known as WireShark) can grab my plain user and password from the ftp part of my application. Encrypted password can also be grab and anyone can log with any ftp application to my server and make unpleaseant things.

[TindyFTP] is used to manage the FTP connexion itself. This object those not support SFTP which I tought that could be the end of my problem.

[tMyMac] from DEVART is used to manage MYSQL connexion.

What is my point by now : It is a good way to use SSH Tunneling to control the IO Handler of both (ftp and mysql) transaction type onto my application ? I'm doing some test right now with SecureBridge from DEVART which is compatible with MyDAC component and TIndy.

Do I simply need to get connected to SSH Tunnel and go trought it with mysql and ftp ? Do I also need to encrypt ftp password while using SSH Tunnel ? For the MySQL part, the password seem to be encrypted or obfuscated when I try to intercept it with WireShark.

Thanks to let me know your idea from that point without changing all the structure of my program which is 99% completed :)

Thanks, Jonathan