A caution to those of you who might have deployed Exchange Server 2003: it appears that the Outlook Web Access interface may provide a security hole, not the first time this component has done that. It appears to be related to the disabling of Kerberos security. Here’s one article on the problem.
I saw another article while browsing last night that linked the disabling of Kerberos to the installation of Portal Server or Services on the server machine, but I neglected to bookmark the link, sorry.