For most probably as you have to know to order it specifically with secure password unlike HPE/Supermicro which just do it every time now. Likely they got hit with a government/large customer requirement and half assed it, as most things BMC are.

It hasn't been for years now. The systems get a unique password from the factory and is on the tag.