I wasn't sure we're to post this but I decided I should definately pass it along since a search on SQL Server Central on this company retruned no hits related to this recently found security issue. I've listed a URL below to the story but in summary the bug is that those with Admin level proveledges to SQL Server can find out what any users password is on SQL Server by taking adavantage of the bug found by Sentrigo.
http://www.sentrigo.com/news/2009/09/02/sentrigo-uncovers-significant-password-exposure-vulnerability-in-microsoft-sql-serve
Kindest Regards,
Just say No to Facebook!