Sure, but if you compare the history of telnet / ssh during the last years, ssh had lot's of security holes and I'm just aware of one hole in telnetd. *BSD comes out of the box with encryption support for telnet and I consider it not much less secure than ssh. I even think that unencrypted telnet _can_ be more secure than ssh (depending on the topology, of course). To get the telnet-password you still have to sniff the traffic - if ssh has one of those bufferoverflows or other problems again, you don't even need to do that - you just compile the exploit and root the machine.
Quite nice -a possible stand of view too. BUT, the problems related with ssh mostly depends on the login procedure, that tries to be secure. Telnet wont work that way, you do not need any xploit, you just have to sniff it out, as you say. Furthermore the traffic is encrypted too. But as i said - a possible stand of view Michael Appeldorn