Quoting mackstann (mack@incise.org):
> > Ancient, unsecure.  Quicker, yes.  But the source of
> > password swiping for a long time. I banned cleartext telnet
> > or telnet with reusable passwords in 1995.
> 
> > > > This is not in a security-critical environment, so turning off encryption
> > > > or using very short keys would be ok.
> 
> Using telnet over the internet is one thing, using it in the environment
> described is another.

Right.  I've cleaned up a lot of "not security critcal environments."
That answer is quick from people.  You get a different on when you
just suggest they remove passwords from all non-root accounts.

A factor in consulting is knowing how you translate what the client
says into what their reality is and then perhaps changing their reality
to aim them towards their goals.