This is something that I have bitched about for *years*. Back in the old days (before I was old enough to be prosecuted ) I was able to glean a ton of info using non technical techniques such as shoulder surfing and social engineering. This article shows that someone else realizes that shoulder surfing is a *VERY* productive technique. I preach this to admins so that they will educate mobile users. I even provide them with an example from shoulder surfing I did not too long ago (as a proof of concept for the Secret Service) where I was able to glean all the info needed to gain local access to the agent's machine and I also was able to see exactly where they would be positioned during a specific time frame for a very high profile event - VERY scary stuff. I performed this on a public transportation system where the agent felt comfortable enough to work while in transit.

http://zdnet.com.com/2100-1105_2-5059907.html