I receive certain bulletins and newsflashes from AB on a regular basis. This one I remember getting earlier this year.
It's somewhat irrelevant to the OP's question, but relevant to the discussion.
66684 - Client Software Authentication Security Vulnerability in PLC5® and SLC™ 5/0x Controllers
Access Level: Everyone
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/66684
Note the reference, as Ken mentioned, to turning the processor key to the RUN position where possible to avoid communication vulnerabilities.
Also the use of Static Protection of Data Files to prevent changes to their address values over communications.
I also wanted to point out the password encryption option that was added to RSLogix 500/Micro at version 8.40 and above.
SLC/MicroLogix Unencrypted passwords are up to 10 digits numerical(0-9). Encrypted passwords are up to 10 alphanumerical characters(0-9, a-z, A-Z) and must include at least one letter.
Encrypted passwords do add a little bit more security apart from being harder to crack. As some of you may be aware, Unencrypted numerical SLC/MicroLogix passwords may be 'found' using certain 'methods', which I wont publicly divulge. However, if you use the Encrypted password option, they cannot be found using the aforementioned 'methods'.
G.