Subject: Re: rcp or scp
To: None <netbsd-help@NetBSD.org>
From: Chuck Yerkes <chuck+nbsd@2003.snew.com>
List: netbsd-help
Date: 11/23/2003 13:32:40
Quoting David Laight (david@l8s.co.uk):
> >
> > FYI, in general, no one should use rcp instead of ssh/scp on the open
> > internet. It is arguable they shouldn't be used behind a firewall,
> > either, if you don't have some pressing reason to use them.
>
> Isn't rcp arguably more secure than ftp?
> To break rcp you need to subvert the reverse DNS.
No, because ftp offers ANONYMOUS logins.
rcp is unsecure and easily broken in through.
ftp does show passwords, but I don't run user based ftp.
I *should* figure out DAV and offer uploads via browser through https
connections. (even mom can figure that out).
> OTOH a trivial program [1] running on a LAN in promiscuous mode
> can detect usernames and passwords from ftp and pop3 (and other)
> connections.
And there are so many canned programs that will do that for you...
(and grab SNMP v1 passwords and about anything else that's clear
text). I believe it was Robert Morris (the elder) who offered a
paper that "passwords over the net in the clear is bad - stop it"
- it was around 1985 or so.