My take is that we don't know the network setup.

The computers with grades and personal information may not be on the same network as the one Jareds found problems on.

Yes, the network is more vulnerable to the outside and malicious students could cause problems.

But Jareds has not mentioned any problems. Popups, slowdowns, virus, spyware activity would be showing up already if the network were open to the outside. Internal malicious activity would have been mentioned by now also.

I'm not against Jareds addressing the issue, or notifying the admins and the district. I think it is a good path that he has chosen. I just wanted to ask about the scope of the issue. It is something to consider while deciding what to do when you discover these situations.