VNC server password that are saved on the computer registry or ini file is encrypted but it can be easily cracked and decrypted for password recovery purposes. On the other hand, there is also an 8-character limit on some versions of VNC if a password is sent exceeding 8 characters, the excess characters are removed and the truncated string is compared to the password.
For this reason it is recommended that a password of at least 8 characters be used. While passwords are not sent in plain-text (as in telnet), brute-force cracking could prove successful if both the encryption key and encoded password are sniffed from a network. Wikipedia wrote:By default, VNC is not a secure protocol.
