Cocktail 3.5.4 and possibly earlier in Mac OS X passes the administrative password on the command line to sudo in cleartext, which allows local users to gain sensitive information by running listing processes.