Revenge of the pencil pushers
The Unix 'team' has a telephone conference every Thursday. Joy. Well, after this week of having the 'storage management manager' pull a '/bin/rm -rf *' in the wrong directory, and my finally figuring out, after we tried serial consoles on 4 servers with no success, that these guys have monitors and keyboards on every damned server, I thought that there was little more that could irritate me. I was wrong. I piped up at one point when one of the guys was talking about some security issue:
<ME> You telnet to boxes as root, how does your concern for security jibe with that?
<PencilPusher> Well HP has a policy...
<ME> Telnet should have been abandoned 5 years ago so this must be an old policy, especially considering that encrypted filesystems and boot passwords are SOP on laptops. I install SSH as standard on my servers and don't allow root login via telnet.
<PencilPusher> SSH is not part of our security policy so you probably shouldn't be using it.
<theboss> It's better to follow the policy than beg forgiveness later.
<ME> [ silent disbelief and a desperate wish for termination ]
I still don't quite understand how people can talk about security then have every bit of traffic on a network, including root passwords and everything else, unencrypted. How do people like this get these jobs, keep them and get promoted?
28 March 2002, Helsinki