Setting authentication information over unauthenticated channels?!
Who thought it would be a good idea to configure credentials over an unauthenticated connection on a shared network?
Why don't they just pass them through the hypervisor instead? Simply communicating over an emulated serial connection or an additional network containing just the VM and the hypervisor/metadata server?
Or they could simply change the necessary files on the template disk before booting it.
So many ways of doing this securely but instead they chose an unencrypted, unauthenticated communications channel, giving everyone on the same subnet root access to all other machines...