This said wildly inappropriate features included do violate the principle of least user authorization. You expect if your KVM gets hacked your servers are pretty fucked, the problem now is any conversation you had by the KVM is suspect too.

Goes along with 'the S in IOT stands for security'.