Short answer - you don't have anything to worry about.
Long answer - What Password Protection method are you using?
Most links users use .htaccess password protection on the server since password protection is not built into the Links script itself. If you are using .htaccess directory protection, then no, no one will ever be able to get your password from their stats.
If you have applied a password protection mod instead of using better .htaccess directory password protection, you should still be safe since the site's you're previewing as you validate pop up in a new windows (target="_blank"). (it is never a good idea to have the password in the URL of the script you're using, i.e. admin.cgi?password=mysecredword, but as long as all links from this target a new blank windows with target="_blank" you should be safe still. I haven't seen any of the admin password mods myself).