How is that any worse than logging into a non-https: web site?
Not much worse. Problem is, a telnet login is going to give you a shell prompt. Getting shell access is more than half the battle to any hacker, because there are so many programs out there that are vulnerable to local exploits. Sites that may be pretty proactive on processes that listen on sockets are often less proactive about many local programs. This is really not a good idea, as most hacking is done by insiders, but it is more common than you might think.