MSSQL_NOOB (1/4/2013)
Is this security or stupidity?
A little of both, I think.
From a SQL Server standpoint,
SQL Server passwords are inherently less secure than Windows authentication; you can use a brute force/dictionary attack to attempt to get SQL Server access. Windows Authentication means you've logged in securely on the domain, so you are able to pass a trusted token around instead of exposing your password.
SQL authentication is disabled, by default, on a new SQL installation for that specific security reason.
Covering the security hole by switching to SQL users/passwords potentially opens a different, larger hole.
A virus scanner pretty much puts the issue to bed as far as malware, and that's the solution we prefer at my shop. (We use ESET NOD32 Antivirus.)
Lowell
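
The following T-SQL is an added example, not part of the post above: it is one way to check an instance for the exposure the reply describes, by reporting the authentication mode and listing the enabled SQL logins a dictionary attack would target. It assumes a login with permission to read password hashes in `sys.sql_logins` (for example a sysadmin); the column aliases are illustrative.

```sql
-- Authentication mode: 1 = Windows Authentication only, 0 = mixed mode.
SELECT CASE CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int)
           WHEN 1 THEN 'Windows Authentication only'
           WHEN 0 THEN 'Mixed mode (SQL logins accepted)'
       END AS auth_mode;

-- Enabled SQL logins, with the settings that decide how well each one
-- resists password guessing.
SELECT
    l.name,
    l.is_policy_checked,        -- 0 = Windows password policy and lockout not applied
    l.is_expiration_checked,    -- 0 = password never expires
    l.modify_date,
    -- Consecutive failed attempts since the last successful login
    -- (only tracked when the password policy is enforced).
    LOGINPROPERTY(l.name, 'BadPasswordCount') AS bad_password_count,
    LOGINPROPERTY(l.name, 'IsLocked')         AS is_locked,
    -- Trivial passwords that a dictionary attack tries first.
    CASE WHEN PWDCOMPARE('', l.password_hash) = 1
         THEN 1 ELSE 0 END AS blank_password,
    CASE WHEN PWDCOMPARE(l.name, l.password_hash) = 1
         THEN 1 ELSE 0 END AS password_same_as_name
FROM sys.sql_logins AS l
WHERE l.is_disabled = 0
ORDER BY l.is_policy_checked, l.name;
```

Rows with `is_policy_checked = 0` have no account lockout, so they are the ones to review first on a mixed-mode instance.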