Forum Name: "What Does RL Stand For?"
Topic subject: FYI Solaris Telnet Vulnerability
Topic URL: https://forums.carrionfields.com/dcboard.php?az=show_topic&forum=43&topic_id=1003
1003, FYI Solaris Telnet Vulnerability
Posted by Tac on Wed 31-Dec-69 07:00 PM
I don't know if it applies to the box CF is on, but here is where I first heard... http://it.slashdot.org/it/07/02/12/1118248.shtml which is of course slashdot. I'm sure you can find more info in the linked article.
1004, RE: FYI Solaris Telnet Vulnerability
Posted by Eskelian on Wed 31-Dec-69 07:00 PM
Telnet is a standalone application similar to SSH. It's not quite the same thing as what CF uses, AFAIK.
1005, RE: FYI Solaris Telnet Vulnerability
Posted by Isildur on Wed 31-Dec-69 07:00 PM
Telnet is a protocol, which CF's server implements (to some degree). Like you said, it's not the same as the telnet daemon that comes with Solaris, which is what this bug relates to. However, if that isn't fixed on the machine on which CF runs, then someone could theoretically gain root access and wreak havoc with CF's files. It's really an issue for CF's hosting company, not the staff per se.
1006, IIRC
Posted by Tac on Wed 31-Dec-69 07:00 PM
CF owns its own box, which was originally purchased by Jullias. It's possible that only CF accepts telnet connections, and as such avoids this, but I thought I'd send a heads up either way. I'm sure that IMPS/IMMS connect through ssh or something similar, but telnet is at least marginally open to the internet (via CF) and it might be something to double check. *shrug*
1007, RE: FYI Solaris Telnet Vulnerability
Posted by Eskelian on Wed 31-Dec-69 07:00 PM
The duality in meaning is annoying, yes.

Telnet is a protocol in general.
It's also shorthand for both telnet clients and telnet server applications. I.e., Telnet service on Windows = telnet. Telnet client that connects to CF? Telnet. Protocol they both use? Telnet. It's like they just got tired of naming things.

Point being though that telnet protocol in general, in reference to using it for remote shells, doesn't do any encryption. So I doubt the CF imms are using it for remote admin.