by LordLandon 5595 days ago
If you're running a multi-user server, with possibly malicious users, that's not a good idea. Ports <1024 can only be bound to by root; so if a valid user of the server can figure out how to crash sshd, he can run his own version on the same port >1024, and then all your users' password are belong to him.
2 comments

When I read your comment, I thought "surely you couldn't rig up a fake sshd to steal passwords," thinking the protocol wouldn't send passwords in plaintext but instead some hashing would take place. I read the RFC and, wow, it does send plaintext (though it's over an encrypted transport). Ouch.
Any client that has the server's public key in their known_hosts will throw up a big fat error.
This is mitigated by not allowing password-based logins for SSH. Your point still stands though.
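
The two settings discussed in this thread, as an added example that is not any commenter's code: a Python audit of sshd_config text that flags listening ports of 1024 and above and enabled password logins. It assumes global directives only (parsing stops at the first Match block), no Include files, and no port given on ListenAddress lines; the sample configs and function names are constructed for illustration.

```python
PRIVILEGED_LIMIT = 1024  # ports below this can only be bound by root

# Constructed sample configs, not taken from the thread.
WEAK = "Port 2222\n#PasswordAuthentication no\n"
HARDENED = "Port 22\nPasswordAuthentication no\nPasswordAuthentication yes\n"

def parse_global(config_text):
    """Return (ports, settings) for the global section of an sshd_config."""
    ports, settings = [], {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        # Keyword and argument may be separated by whitespace or a single '='.
        parts = line.replace("=", " ", 1).split()
        keyword, args = parts[0].lower(), parts[1:]
        if keyword == "match":
            break  # conditional blocks run to end of file; audit globals only
        if not args:
            continue
        if keyword == "port":
            ports.append(int(args[0]))  # Port may be given several times
        else:
            # For other keywords sshd uses the first value it obtains.
            settings.setdefault(keyword, args[0].lower())
    return ports or [22], settings  # sshd listens on 22 when no Port is set

def audit(config_text):
    """Return findings for the two risks raised in the thread."""
    ports, settings = parse_global(config_text)
    findings = []
    for port in ports:
        if port >= PRIVILEGED_LIMIT:
            findings.append(
                f"port {port} is unprivileged: any local user can bind it "
                "whenever sshd is not holding it")
    # PasswordAuthentication defaults to yes when it is not set.
    if settings.get("passwordauthentication", "yes") != "no":
        findings.append(
            "password logins enabled: whoever answers on the port "
            "receives the password the client submits")
    return findings

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text) or "no findings")
```
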