Posts: 155 | Thanked: 315 times | Joined on Jun 2010 @ DE
#1205
Originally Posted by sixwheeledbeast
I didn't think you could change the code without putting in the old code first anyway.
If you use the same SSH code as SMSCON from first installation then both codes are compromised.
That's true for a user that uses smscon-editor as designated. To change the password you need the old one. There are two cases: (1) the regular owner changed it, (2) someone else changed it. In case (1) the old code wasn't compromised and the change notification could be compromising due to the plain text password, I agree. In case (2) the old code was compromised, and compromising the new code to the regular owner is desired and the main reason for this functionality.

A user could simply de-install, purge and re-install smscon-editor. In this case the password is reset to the default and therefore compromised from the beginning.

A user could even simply de-install smscon to get rid of all remote controlling.

The security concepts of Maemo are designed to protect the user from the internet, not to protect the phone from the user. And smscon does not claim to change that. In fact nothing and nobody can. Even companies like Apple or Google, with closed device concepts from the start, can't prevent experienced users from rooting the phone. Once you are root, nothing is secure. Except encrypted data whose password is not on the phone.

Originally Posted by sixwheeledbeast
IMO, I don't like it when anything sends my passwords back to me in plain text, I know what it is, I don't want the world to know.
Emails like this I delete instantly.

This caught me more by surprise when my friend (master number) texted my password to me, two minutes after changing it!
I agree. We can remove the feature completely, or we can change it to send the notification without the password or with an encrypted password. All except an option to select the behavior. Otherwise a finder/thief that was able to change the password would be able to first change the option to disable notifications.

Originally Posted by sixwheeledbeast
...
It also makes sense that the first message will notify then the phone will be silent. I forgot about that.
I agree. And there should be a command to undo silencing.
 

The Following 2 Users Say Thank You to yablacky For This Useful Post: