I understand both points above -- they are logical. And it's not worth debating every possibility of every topology in every environment (e.g., lab vs. prod) against the comfort levels of every different person.
However, I do think it's worth pointing out that when systems are deployed professionally in the industry, there is no defensible case to be made ever that sending secrets in plain text is acceptable. You just won't see it. The world mostly stopped using telnet and rlogin a long time ago, even in switched networks that use microsegmentation to unicast Ethernet frames, because it's just common protection against common/unsophisticated thieves. Just like locks on windows. Even if the cipher is flawed, even if the secret is stored in memory in plain text somewhere by a running process, even if the system architecture is flawed, etc. (i.e., any stupid old avenue that presents a risk in overall protection of the secret), you will never hear an expert approve transmission of secrets in plain text in the 21st century, even within a mgmt VLAN. That is just not really up for discussion at this point in the game.
(I don't know that any U.S. enterprise is running an ecommerce platform on a CSS610 in production, but the world is a pretty crazy place...so, what do I know.)
Nothing is really secure, but that doesn't mean we stop manufacturing cars with door locks just because glass windows defeat the purpose of security -- it's a common feature & expectation in this day and age, and it would be a red flag for any manufacturer to say, "Nah, we don't believe in that...it's pointless and everything is futile." (Hence my original question about hardware or cost/benefit in this product line, trying to understand the actual reason from the company. Not sure if you guys are employees or owners.)