Yes certainly ,If anybody has replaced his MSGINE with some stub then he
has all about password.He can get anybody’s password who log’s into his
system.And I think this not violation of security ,but a provision for
some diff. authentication system.