Surely RADIUS Authentication is just an insecure protocol

I might be mis-understanding something, but let me demonstrate why I think RADIUS is a bad protocol, envisage this:

PC ---INFRASTRUCTURE NETWORK ---> ASA ----> INFRASTRUCTURE NETWORK ---->RADIUS SERVER

Let's say you SSH to your ASA, and login. There's a few steps:

Process

1. Your user/pass is sent over the encrypted SSH tunnel to the ASA
2. The ASA uses it's stored shared secret with the RADIUS server to verify it's identity, and encrypts your password with HIS shared secret, and sends it off as a RADIUS "Accesst-Request" towards the server.
3. Server decrypts the request, checks the username/pass combo, and sends it back to the ASA as a RADIUS "Access-Accept"
4. ASA sees the accept message and allows the user to login.

SOME MAJOR issues with this process that horrifies me in my findings. I'll detail the problems in relation to the steps above:

Issues with the process

1. Your user/pass is sent as a clear-text password, over the SSH tunnel. At the ASA side, it's able to see the full user/pass. The only reason it's fairly safe, is because you sent it via SSH to the ASA. Problem = your password was never encrypted by YOU.
2. Your user/pass at step 2 is encrypted with the ASA's shared secret (shared with the RADIUS server), and it transits over the underlying infrastructure. So the strength of your password actually doesn't even matter at this point, as the constraints to decrypt it lie purely on the strength of the encryption algorithm & password complexity of the ASA's shared key.
3. Server decrypts the request using the shared secret between the ASA and RADIUS server, and gets a nice clear text view of the password to then verify you. Again, your password is simply now in clear text at 2 places, on the ASA and the RADIUS server. So if that shared secret gets compromised, you can capture a login request, import compromised ASA shared key into wireshark, then view the users password (which I tested on this exact setup, to verify my understanding).

Summary

My point being that you are not in control of your password at all. When you enter it, you rely ONLY on the strength/complexity of the shared secret between the RADIUS server and ASA, along with their encryption algorithms. Since it's a shared secret (i.e. using symmetric encryption), with a standardized function of how to encrypt/decrypt it, it means the process is reverseable. To crack the password, you would need a packet capture, then brute force the encryption key by running it through the reverse function used to encrypt it for each attempt. So as I say, the strength of your password almost doesn't matter, because that's not what is keeping it secure. We should surely be using asymmetric encryption from the host to the radius server, with the ASA's job being to forward that packet to the RADIUS server. Then we are in control of our password.