Hi Martyn,
I agree that it is dependent upon what the Telnet client is used for.
The Telnet session between the client and the server is not encrypted. Anyone with access to the TCP/IP packet flow between the communicating hosts can reconstruct the data that flows between the endpoints and read the messaging, including the usernames and passwords that are used to log in to the remote machine. This network attack requires very little expertise and can be performed with network debugging tools that are readily available.
Serious problems have arisen, for example, where legitimate users have used Telnet to gain remote administrative access to their broadband routers. Doing this enables any eavesdropper to discover the userid and password and then use that information for nefarious purposes.
There is no good reason to use Telnet at all these days. SSH is a much more secure alternative.
73,
Walt (G3NYY)