Your LAN router/switch will see the credentials unencrypted. An untrusted device on your network could perform ARP spoofing, pretend to be 192.168.something.something, and intercept the credentials. Do you trust all devices on your network?
It’s better practice (and simple enough) to setup HTTPS with self-signed certificates and have the browsers manually accept the cert on first connection.