Thread:Extension talk:LDAP Authentication/For non-ssl servers, important to explicitly state clear encryption/reply (3)

Heh. It being on the intranet doesn't make it more secure. Basically it allows an attacker to elevate privileges much easier.