My mobile phone (Motorola A1200 with MontaVista Linux) has a "root" user with an empty password. It was very non-trivial to change the password, because the root file system is read-only. :-)
IMHO, equipment producers should use persons with experience in both programming and administration (like me ;-) ), or use experienced administrators to review embedded systems before they are shipped to end users.
Government should also try to regulate a minimal acceptable level of security in network-connected devices, because ignorance of these security-related problems creates a huge risk for everybody. Imagine robots that are controlled by hackers. Network devices can steal your credit card number and/or open doors for other trojans. Robots can steal your credit card and/or open the door for breakers.
See also: "Researchers Demo BIOS Attack That Survives Disk Wipes" http://it.slashdot.org/article.pl?sid=09/03/23/1248214
http://www.amazon.com/UNIX-System-Administration-Handbook-3r...