If you can run code on my switch...you can snoop on all my lan packets and I have no way to know you're doing it - you can send your catch right out through the router, that I don't own (like most home/small business) and I can't see them at all, so I have no idea you are doing it and you can grab quite a haul over time.
Do that to any machine on my LAN, and wireshark or equivalent can see them, eg the tools most use to check for things like that.
Root on a switch isn't root on every box on the LAN, not by a long shot - just having root on one means you have that one, and that's it. Only a complete moron would use the same password etc for all boxes for root. There seems to be considerable confusion about that in comments above...Seems few even seem to know what it is - the author seems to have been right that there are a lot who could learn more here.