> On the other hand - default root password in 2009? Are they nuts?
Is the root account accessible in any way on an unmodified phone for someone knowing the password? If not, then I don't see how changing the password would improve security.
Of course, going the extra mile and securing against attacks which even theoretically should be impossible (within the security design of the device) is hardly a bad idea. If only since it may help mitigate currently unfeasible attacks in the future.
But if the security design of the iPhone isn't depending the strongness of the root password, then I can understand why Apple never bothered to change it.