Applications that are not securely written and configured can open security vulnerabilities that affect the whole system. A 2001 posting by Pete Finnegan, for instance, explains how, under the right (wrong!) circumstances, someone can reveal Oracle user passwords in clear text. Pete has published a fascinating set of papers on Oracle (in)security on his website.
More authentication resources here