Does OneLogin send plain text or hashed password to the client server? Is there an option to opt out from synching the password?
OneLogin will only send over the User's password if you configure the SCIM connector to do that.
As part of setting up your SCIM application connection in OneLogin, you define the payload you want to send over as well as the user attributes that get mapped to the various values in the payload.
While user password is one of the values that's available to sent over, there's absolutely no requirement to send it.
In fact, most applications that support SCIM use SAML for user authentication, so there's no need for passwords.