I just thought to myself:
Why is this insecure? If you log in by SSH to do remote maintenance, then true, anyone who sniffs your in-the-clear FTP and POP passwords can log in as you.
But they can only log in as you, the USER. They can never sniff the root password, as your "su root" password is always encrypted.
....
and then the penny dropped.
If someone ever logs into your user account, and then you log in after they have done their mischief, and su, then you have just given away the crown jewels. Oh well.
Just one thought: On our system the only possibility to log in and work on the shell is SSH with RSA authentication. So, if someone sniffs the "normal" password, okay, he can get access to the emails and to FTP. But NOT for any work on the system itself. Because to log in with SSH, a different password is necessary. So, okay, this is not really secure, but at least no one can really harm the system. Or am I wrong? --- Stephan
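The setup Stephan describes, where a sniffed POP/FTP password cannot open a shell because SSH accepts only key authentication, can be checked against the server's effective configuration. The following is an added example, not part of the thread: it assumes the input is the full output of `sshd -T`, and both sample configurations are constructed.

```python
# Added example: audit `sshd -T`-style output for password-based shell access.
# Assumption: the text is the full effective config, one "keyword value" per line.

# Options that let an account password (the kind sniffed from FTP/POP) open a shell.
PASSWORD_KEYS = (
    "passwordauthentication",
    "kbdinteractiveauthentication",
    "challengeresponseauthentication",  # older name printed by older servers
)

def parse_effective_config(text):
    """Return {keyword: value}, lowercased; the first occurrence of a keyword wins."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        cfg.setdefault(key.lower(), value.strip().lower())
    return cfg

def audit(text):
    """Return a list of findings; an empty list means shell access is key-only."""
    cfg = parse_effective_config(text)
    findings = []
    for key in PASSWORD_KEYS:
        if cfg.get(key) == "yes":
            findings.append(f"{key} yes: a sniffed account password can open a shell")
    if cfg.get("pubkeyauthentication") != "yes":
        findings.append("pubkeyauthentication is not enabled")
    if cfg.get("permitrootlogin") == "yes":
        findings.append("permitrootlogin yes: root can log in directly with a password")
    return findings

# Constructed samples, not taken from any real host.
WEAK = """passwordauthentication yes
kbdinteractiveauthentication yes
pubkeyauthentication yes
permitrootlogin yes"""

HARDENED = """passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes
permitrootlogin no"""

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(sample) or "key-only shell access")
```

A clean result covers only the SSH login path; it says nothing about what happens once an account on the host is already in someone else's hands, which is the case the first post worries about.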