"You would be surprised at the number of people using RPi's who expose them to the net and leave the default username and password...."
not really. Your typical 'maker' types are more interested in building cool electronics and making their pi do a dance or flash LEDs and basically know _nothing_ about IT/ security.
At least they're not using Win-10-nic and/or ".Not" on some overpriced intel solution...
(then again, a rumor has it that Win-10-nic has a version for RPi. now I need 'pink liquid' for the nausea that this mental image just caused)
rumor... read: "yes I saw an El Reg article about it, but I'm trying to forget it exists"