[ben_w]

(not op, just hypothesising)

> I can't think of a good reason why this isn't a quick fix.

What if there's some IoT product with no update mechanism and the access password to function is stored on all of them in plain text?

[scoot]

Possibly, but that's a very different scenario to a database of cleartext passwords (which is what I assumed was meant), as each device would have to be identified and compromised to access a password to a device which at that point is already compromised...