MySQL has one major flaw. The password for the root user is by default the same as root or Administrator on the server it was installed on. It must be changed after the install and unfortunately that does not happen often enough.

Personal opinion; I think the security provided by the OS is much more important than the DB server. If you can't get into the OS the server is a lot safer.

I would like to see these servers switch to the ssh model of user keys rather than passwords for connections.

__________________
"The future is here. It's just not evenly distributed.