Источник http://www.microsoft.com/technet/security/bulletin/MS00-035.asp

Коротко:
When SQL Server 7.0 Service Packs 1, 2, or 3 are installed on a
machine
that is configured to perform authentication using Mixed Mode, the
password for the SQL Server standard security System Administrator
(sa)
account is recorded in plaintext in the files %TEMP%\sqlsp.log and
%WINNT%\setup.iss. The default permissions on the files would allow
any
user to read them who could log onto the server interactively.