Telnet is a protocol, which CF's server implements (to some degree). Like you said, it's not the same as the telnet daemon that comes with Solaris, which is what this bug relates to. However, if that isn't fixed on the machine on which CF runs, then someone could theoretically gain root access and wreak havoc with CF's files. It's really an issue for CF's hosting company, not the staff per se.