It's actually fairly easy in some cases. If the user is with Virgin mobile, their 6 digit password can be bruteforced in a couple of minutes, and then every text and call they've ever made is public. I've made a fuss to them about this quite a few times, but they've never done anything to fix it.