When running vipw, you can edit /etc/passwd, but you do not get prompted to edit /etc/shadow, nor do the entries get propogated. This means that the passwd and shadow files may contain different information, which is potentially a security bug. If you run vipw in Solaris, and change /etc/passwd, you are prompted that you should probably change /etc/shadow, "would you like to change shadow aswell". This has probably been a bug since shadow passwords started being used in Linux. I know that people should be using "useradd", or some such, but vipw is the BSD way of adding users, and people used to using BSD typically use that tool to create/delete/modify users.
fixed in util-linux-2.10s-2, and patch sent to util-linux maintainer