What with them being inherently, disgracefully insecure.
Are you talking about the fact that they have to be stored in plain text in connection strings that are at the Least a read only file for all users?
Filter it for login packets... and watch in wonder as your password flies across the network in plain text! <_<
Ok, you are talking about the same limitation all network applications that use login packets to support application user logins stored in the application. SNMP, POP, SQL, FTP, NNTP, etc...
IMHO: If your network security is so lax that just anyone can install and use a packet sniffer to get this data, there is not an application security issue.