Bug or Feature?

Leopard's "Back to My Mac" feature lets a .mac user control their computer remotely via their .mac account. It's a fantastically useful idea, but there's some controversy over the first release not requiring your computer password as well as your .mac one. This paragraph concerns me though:

Most of us will use a “weaker” password for our .Mac account than for our Mac itself. It’s certainly what we’ve done to date anyway, since .Mac services were nowhere near as critical.

My .mac password is, id anything, stronger than the one for my computer since I figure I'm sending it over the Internet routinely, and it provides access to my IMAP email. My Mac itself is protected by its firewall, by disabling remote control services, and by controlling physical access to the machine itself. This is, surely, just as it should be. What I expect to see from Apple is an update, requiring your login password or, better still, a separate remote password.

Technorati Tags: .mac, Apple, Mac OS X, security