Information Week published an interview with the notorious VoIP hacker who was charge with fraud last year. The main point that came out of the interview is that the password is the weakest link. He mentions two VoIP vendors - Cisco and MERA and how he felt comfortable with breaking into these systems because of default or easily guessable passwords. In a previous interview we learned that he mainly attacked H323 devices rather than SIP boxes, however the attacks that the attacker pulled off are quite similar to what you can do with SIPVicious tools.
Reference: Robert Moore Tells How He Broke Into Routers And Stole VoIP Services