remove hardcoded passwords and legacy protocols that transmit passwords in the clear.

I'm not sure I would classify the FTP, POP3 and IMAP protocols as "legacy", but they're definitely bad from a security standpoint, and yet they remain very popular despite the availability of alternatives or security add-ons (i.e. SFTP, POP3S, IMAPS, etc).

They rarely use 0-day exploits apparently. They can get by with your run-of-the-mill unpatched systems. That's a real incentive to keep things up to date, because it's not just governments coming after your systems.

(winkers!) All too true. And because of same I still have a small (diminishing but still there) cottage industry of locking down systems for dumb... er... not techknowledgable (sic) clients.

Tangor, you were logged into webmasterworld at 9:38 pm on Jan 31, 2016 to post that bit of news. A quick look at their super computer which records all internet traffic at an ISP level for the word Tangor would show them that you are the only person to have generated a data trail for that word near that time. Your name, address and everything else about you was available to him before you typed a word. Not even the common sense helps anymore.

Once they tapped into all of the worlds data flow it was game over in terms of privacy. The only thing holding them back would have been processing power to sort it all out, I don't think that's a problem anymore for them :)

the way the gubermint keeps spending my tax dollars, probably not! :)