Hacker News

Many years ago I worked for a defense contractor who not only had 123abc as the password for a workstation that held secret information and was connected to the internet, but a post-it note with "password: 123abc" was kept on top of a monitor which was visible through a window from a corridor that random members of the public had access to. When I brought this up as possibly a poor security practice the reaction was anger towards me, and then moving the post-it note to the side of the monitor so it would not be visible from the window.



If there actually was Secret level classified information on a system, it is a security infraction that that monitor is visible through a window to the public. That contractor should have been reported to the program Security Officer. Glad the defense contractor I work for takes things a little more seriously.


Sounds like the same school of reactive pseudo-security that gave us the TSA: broken in too many ways to count, patching one particular aspect of the problem when brought up or exploited, completely ignoring the big picture, and getting angry when questioned.



