Seems the present XP password encryption scheme is nowhere near too secure:
http://www.securiteam.com/tools/6T00D0A35S.html

I could imagine a root-kit type of trojan getting an access to this same database as the software featured in the above link, then decrypting all the passwords, and having a go at it at will.