Originally Posted by happyhd
Doesn't this mean that anybody with a username/password guessing script that got hold of my IP could "eventually" get access?
Of course, as always. Therefore you shouldn't use easy-to-guess passwords such as "hello".
You could use private/public key authentication instead. This is partly described here: http://www.howtoforge.com/linux_rdiff_backup