The ``r'' Commands Versus telnet/ftp




 

There are a few security-related tradeoffs between using telnet and ftp versus using the ``r'' commands. For example, rlogin, rsh, and rcp are less susceptible to the eavesdropping of passwords than telnet and ftp because, with the ``r'' commands, a user does not need to type in a password. An exception is when rlogin is invoked for a non-trusted user. In this case, a single packet containing the user's password will be passed over the network. However, in general, telnet and ftp are more susceptible to interception of user names and passwords than rlogin. Note that, except for the case when rsh invokes rlogin, rsh and rcp never prompt for passwords.

The use of trusted hosts with the ``r'' commands introduces security problems which are not relevant when using telnet and ftp. Trusted hosts introduce security problems because the host authentication mechanism can be defeated, and users on a trusted host cannot always be trusted. If an attacker manages to break into an account on a host, and that host is trusted by another computer, the user's account on the other computer is compromised. In addition, an attacker can compromise the .rhosts file by adding entries that permit access by others.
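As an added example (not part of the original document), the following audit flags .rhosts entries of the kind described above, those that permit access by others, along with a file that others can write to. It assumes the conventional entry syntax of "host [user]" per line with "+" as a wildcard, "+@name" for a netgroup, "-" for a deny entry and "#" for comments; the account name alice and the host names are constructed.

```python
import os
import stat

# Constructed sample .rhosts for a hypothetical account "alice".
SAMPLE = """\
# trusted peers
trusted.example.org
trusted.example.org alice
build.example.org bob
+ +
+@labhosts
-old.example.org
"""

def audit_rhosts_text(text, owner):
    """Return (line_no, entry, reason) for entries that widen trust."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else owner
        if host.startswith("-"):              # deny entry grants nothing
            continue
        if host == "+":
            findings.append((no, line, "any host is trusted"))
        elif host.startswith("+@"):
            findings.append((no, line, "whole netgroup of hosts is trusted"))
        if user == "+":
            findings.append((no, line, "any remote user is trusted"))
        elif user != owner and not user.startswith("-"):
            findings.append((no, line, "remote user %s may log in as %s" % (user, owner)))
    return findings

def audit_rhosts_file(path, owner):
    """Audit a file on disk: loose permissions first, then its entries."""
    findings = []
    mode = os.stat(path).st_mode
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append((0, path, "file is writable by group or others"))
    with open(path) as fh:
        findings.extend(audit_rhosts_text(fh.read(), owner))
    return findings

if __name__ == "__main__":
    for no, entry, reason in audit_rhosts_text(SAMPLE, "alice"):
        print("line %d: %-24s %s" % (no, entry, reason))
```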

Thus, the basic tradeoff between the use of the ``r'' commands and telnet/ftp is whether it is more insecure to permit trusted hosts, configured so that passwords do not go across the network in plain text, or to have passwords pass across the network in plain text. Neither situation is desirable in general. It is up to the system administrators and the network administrators to choose the better approach for their environments. For example, in general, it is harder to eavesdrop on a token ring network than on an ethernet network. So, the choice on a token ring network may be to use telnet/ftp.






John Barkley
Fri Oct 7 16:17:21 EDT 1994