Millkind asked:

When sending a SQL command to the server over a network how secure is it?

I am looking into writing some register software. It will need to communicate with a SQL server over an open network. What is the best approach to make it difficult for someone to intercept the SQL command and use it for nefarious actions? I will be using VB.NET to write the software.
SOLUTION (Paul Jackson): This solution is only available to members.

I would be more focused on how to protect the SQL Server and the database. I don't think that someone who wants to hack your system would look for SQL statements. What would (s)he need that for without having access to the database?
And if (s)he has access to the database (s)he can do whatever (s)he wants. (S)he wouldn't need your SQL commands for anything.
Millkind (ASKER):

Wouldn't they be able to see the connection string and get the password from there?
ASKER CERTIFIED SOLUTION: This solution is only available to members.

Okay, good to know. Wasn't sure how to properly word my original question. I thought that the SQL statements and connection string got combined when a query was executed.
If I use Integrated Security=SSPI and my network admins require each user on the register to log onto the machine it seems that each user will need to have access granted to the server.
Not to the server. Users need only to have permissions on the application and database. There's no need to grant them access to any server. Always give the lowest permissions possible.
Understood. However, it still means granting on average 50 people rights to the database at any one time. Also, with a turnover rate of 10 people every 6 months, the overhead. However, that is the price for security. I'm going to leave this question open for a few more days in case something else comes up.
It seems I could set up a service on the server and communicate to it from the application. The communication would be encrypted. The service would do all the queries and just send responses based on the query run. The service would communicate from the server to the server so should be pretty secure.
If they are all AD users, then the easy way is to create a group in AD to which those users will be added. Then you'll only need to give permissions to that group in SQL Server so you won't need to add or remove more users in the future.
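
An added example, not part of the original thread or any participant's code: a VB.NET sketch of the client side discussed above, using `Integrated Security` so no password sits in the connection string, requiring an encrypted session, and calling a stored procedure with parameters so the AD group only needs `EXECUTE` rights. The server, database and procedure names (`sqlserver.example.internal`, `RegisterDb`, `dbo.RecordSale`) are hypothetical placeholders.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Module RegisterDataAccess
    ' Hypothetical names; replace with your own server and database.
    Private Const ServerName As String = "sqlserver.example.internal"
    Private Const DatabaseName As String = "RegisterDb"

    Function BuildConnectionString() As String
        Dim b As New SqlConnectionStringBuilder()
        b.DataSource = ServerName
        b.InitialCatalog = DatabaseName
        ' Windows authentication (same as Integrated Security=SSPI):
        ' the logged-on user's identity is used, so no password is stored here.
        b.IntegratedSecurity = True
        ' Require TLS so statements and results are not readable on the wire.
        b.Encrypt = True
        ' Validate the server certificate. Setting this to True would accept
        ' any certificate and allow a man-in-the-middle to impersonate the server.
        b.TrustServerCertificate = False
        Return b.ConnectionString
    End Function

    ' Calls a hypothetical stored procedure. The AD group mapped in SQL Server
    ' needs only EXECUTE on it, not direct rights on the underlying tables.
    Function RecordSale(registerId As Integer, amount As Decimal) As Integer
        Using conn As New SqlConnection(BuildConnectionString())
            Using cmd As New SqlCommand("dbo.RecordSale", conn)
                cmd.CommandType = CommandType.StoredProcedure
                ' Typed parameters keep user input out of the SQL text.
                cmd.Parameters.Add("@RegisterId", SqlDbType.Int).Value = registerId
                Dim p As SqlParameter = cmd.Parameters.Add("@Amount", SqlDbType.Decimal)
                p.Precision = 10
                p.Scale = 2
                p.Value = amount
                conn.Open()
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function

    Sub Main()
        ' Safe to print: the string contains no credentials.
        Console.WriteLine(BuildConnectionString())
        Console.WriteLine("Rows affected: " & RecordSale(1, 19.99D))
    End Sub
End Module
```

With `TrustServerCertificate = False` the server must present a certificate the client machine trusts; otherwise `conn.Open()` fails instead of silently falling back to an unverified connection.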