...you need a password to log in onto it to change it. That's hardly unique.
You could say "but they could make random one that is displayed on display!", but they also sell headless version with no display at all so that's not an option
they also fixed the issue, SSH is off by default now.
BUT BE WARNED: it runs a web-server by default with no password set from the factory, you have to configure it first run to secure it....
yeah, this article is mostly a no banger, they made some dumb oversights/mistakes with the firmware but fixed them quickly and even documented the issues and concerns.
The firmware if open source after all.
That alone ends my trust in the brand.