Stolen password¶
SIP password from user's account could be stolen by virus from your customer's PC, which uses softphone.
Next, this SIP password could be used to terminate huge amount of calls through your server.
The same way, SSH password could be stolen.