Bug#741678: It is possible to use live user account to log in via SSH
I think that it is wrong if anyone on the same network can log into a live system and get full access to it. If a user connects, say, to a Wi-Fi network to download something, he doesn't expect his computer to become open to everyone. Currently, it is necessary to change the password before connecting to any untrusted networks, and most users won't do it, which makes them vulnerable.
A possible solution is to disable password for default user (he is logged in automatically anyway), or to disable password authentication via SSH.