Comment 13 for bug 275340

Without an option to listen to localhost only it is impossible to securely connect to vino server through SSH tunnel. I would say Ubuntu is insecure with such kind of default client. It usually a matter of hours before you get scanned by some roaming droid that will try to break the pass next try. I do not know what is the normal rate of password probing for vino, but there are always ways to sniff you traffic, so I would raise the status to rather critical security issue.