Yes somebody could potentially see this token in the packet, which is why it is also a good idea to use SSL encryption of all network traffic before and after authentication and distribution of a token.
Someone on an unencrypted wireless network, like at a Starbucks use this method all the time to pick up packets to services like Facebook that do not require SSL encrypted traffic. They then can use this token in their own requests to spoof another users session.
Likewise if I am a hacker and I were to compromise a particular machine behind a firewall where network traffic passes through, lets say a load balancer, I can then use that information to determine credentials and session tokens on unencrypted traffic that passes through.
The appropriate way to handle this is to utilize SSL encryption, even if it is a self-signed certificate then you are ensured that third parties cannot listen in on user requests.