Are you referring to the brute force dictionary query against sys logins table to get passwords? Yes, it works. There are plenty of occasions where non-DBA users are members of sysadmin role or who have "VIEW DEFINITION" privilege, allowing them to run such a T-SQL script. Even if the privileges are later revoked, they still have the DBA's sql login password.