Yes and no.

The data travelling between a VNC Viewer and a VNC Server is not encrypted, so anyone capable of monitoring (aka, "sniffing") that network traffic can easily see what you're seeing.

That doesn't mean, however, that someone can easily sniff the password VNC prompts you for when you try to connect to a Server. For VNC uses a challenge-response authentication scheme, so the password itself never crosses the network. That's the good news.

If while you're using VNC, however, you type a password for an application running on the remote server, that password could be easily captured.

In general, VNC is not considered really secure whenever the data traverses a network that you are not completely in control of. So naked VNC use within a home or office LAN is usually considered "secure enough", while using VNC across the Internet, without additional security measures taken, is usually considered "reckless and ill-advised".