He said he had to fight management to get this changed, as they didn't want to spend the money to modify the hard-coded applications to use a more secure password or to use Windows authentication. Unbelievable.
It's more common than you think. I'm currently having to explain PKI to one of these institutions that should know better, but they keep chasing off all their qualified technical people. :w00t: