[harrall]

Tell that to the kids at my high school in 2004 screwing with all the unprotected services across the whole school district-wide network.

Or the worms that scan for vulnerable services and install persistent threats.

If you want to remove the password on a service, that’s your choice. The default should have a password though and then people can decide.

[dns_snek]

Decide what? Slapping a simple, naive login screen on top of a service that was never designed to fend off attacks from untrusted networks doesn't fix the actual issue, which is the fact that an administrator exercised bad judgement and made it accessible to untrusted networks.