The answer to your question 'am I too paranoid' is yes, although that's not necessarily a bad thing.

This kind of a situation depends a lot on the size of the network, the resources at risk, and the capacity of the networking admin staff to ratchet down security without reducing services. The first question I would have is, what could go wrong and how long would it take them to fix it? Many of you security gurus might say that this is kind of naive, but if we're talking about a Cisco 1600 that sits in someones's office and provides connectivity to 32 workstations, then I'd say the network admin could take control back and get the network back in service pretty darn fast if something happened from the inside.

. . . but that's being a little too forgiving of lazy network administration.

Another way of looking at this is, does your organization have any network security policies in writing? It's all well and good to suggest to the admin that he/she shut off telnet, but it's even better if there is a corporate policy/procedure mandating that anyone with adminstrative rights to a router be responsible for permitting access to the device only under such and such conditions. This provides motivation to do more than just check the router for its vulnerability to the one scenario you presented.

I tend to think of network security more in terms of organizational behavior than ports and services. It's nice to know how to protect one service on one device, but it's even better to work in an organization that constantly protects all devices as a matter of course.