Free Republic

To: ShadowAce
The archetypal exploit, buffer overrun, was born on Unix before Windows even existed.

And although Unix had a reasonably sophisticated concept of file privileges (especially for its time), default file privileges were kind of loose. This was to be expected in the cooperative, non-adversarial environment in which Unix arose.

The password mechanism was innovative, in that passwords were not stored in plain text, but were encrypted, using each password as its own key. This led the designers to make the user file, with its encrypted passwords, publicly readable. That allowed for extensive brute-force attempts to crack the password file, after it was copied somewhere else, off-line.

And with any reasonable number of users, at least one user would have a trivial password (this was before there was any built-in enforcement of password complexity). A colleague of mine wrote a snooper program that examined the passwd file for trivial passwords, and reported the results to him. He was continually uncovering trivial, and therefore, easily hackable, passwords.

Therefore, you could hack into the system by guessing passwords. Then, you'd go straight to the password file and ftp it to your own machine. Then, you'd go to work exhaustively testing random passwords, encrypted against themselves, against all entries in the file. You might get lucky and hit on somebody with real privileges, and of course then you were in, with whatever privileges the hittee had.

Of course, if you knew the exact structure of the shell object code, you could log in from Joe Schmo's non-privileged account, and fill the password field with a long string that would overwrite the critical part of the su command handling code with instructions that would simply make you super-user on the spot. Then you were also in, without having to guess the password of any user with real power.

12 posted on 11/29/2010 9:07:24 AM PST by Erasmus (Personal goal: Have a bigger carbon footprint than Tony Robbins.)
[ Post Reply | Private Reply | To 1 | View Replies ]


To: Erasmus
And with any reasonable number of users, at least one user would have a trivial password (this was before there was any built-in enforcement of password complexity). A colleague of mine wrote a snooper program that examined the passwd file for trivial passwords, and reported the results to him. He was continually uncovering trivial, and therefore, easily hackable, passwords.

I'll have to assume that this was a while ago, as all modern unixes that I know use the /etc/shadow file rather than storing the password in the /etc/passwd file.

Permissions on /etc/shadow are 000 ...

ls -al /etc/shad*
----------  1 root root 2665 2010-11-11 14:24 /etc/shadow
----------. 1 root root 2543 2010-11-04 11:39 /etc/shadow-

Without already having an exploit, it would be kind of difficult to get at.

You're right that early versions of Unix were much more loose permission-wise on many files and directories. Fortunately, as the environment became more hostile, it was much easier to secure the environment because it was based on the premise of multiple users in the first place. Microsoft had to start from a single-user system that essentially had no permissions granularity at all to something more secure, and the world has felt the pain of some of the architectural decisions they made during the process.



14 posted on 11/29/2010 2:03:43 PM PST by zeugma (Ad Majorem Dei Gloriam)
[ Post Reply | Private Reply | To 12 | View Replies ]
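Added example (my own, not code from either poster): a small Python audit of the two conditions zeugma's reply describes, that no password hash remains in the world-readable passwd file and that /etc/shadow carries no world bits or group-write bit. The passwd lines are constructed, and the /etc/shadow path is assumed.

```python
import os
import stat

# Constructed sample passwd content (not from the page or any real system).
# 'legacy' mimics a pre-shadow entry: a crypt(3)-style hash sits in field 2.
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "alice:x:1000:1000:Alice:/home/alice:/bin/bash\n"
    "nopass::1002:1002:No password:/home/nopass:/bin/sh\n"
    "legacy:abJnggxhB/yWI:1001:1001:Old style:/home/legacy:/bin/sh\n"
)

# Field-2 values that mean "hash lives in /etc/shadow" or "account locked".
SHADOWED_OR_LOCKED = {"x", "*", "!", "!!"}


def passwd_findings(passwd_text):
    """Return (user, issue) pairs for passwd entries that defeat shadowing:
    a real hash in the world-readable file, or an empty field (no password)."""
    findings = []
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((fields[0], "malformed entry"))
            continue
        user, pw = fields[0], fields[1]
        if pw == "":
            findings.append((user, "empty password field"))
        elif pw not in SHADOWED_OR_LOCKED:
            findings.append((user, "hash stored in passwd"))
    return findings


def shadow_mode_ok(mode):
    """Accept the 000 shown in the post and the common 0640 root:shadow;
    reject any 'other' permission bit or a group-write bit."""
    return (stat.S_IMODE(mode) & (stat.S_IRWXO | stat.S_IWGRP)) == 0


def check_shadow_file(path="/etc/shadow"):
    """Stat the real file; returns (ok, octal mode) or (None, error text)."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return None, str(exc)
    return shadow_mode_ok(st.st_mode), oct(stat.S_IMODE(st.st_mode))


if __name__ == "__main__":
    for user, issue in passwd_findings(SAMPLE_PASSWD):
        print(f"passwd: {user}: {issue}")
    print("shadow:", check_shadow_file())
```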


