Yep, passwords can be guessed without decrypting them. The source code for the encryption program that Unix uses is easy to obtain. So are password guessing programs, such as CRACK, that use lists of encrypted words to guess passwords.
Studies show that with the right dictionary 10-20% of the passwords on any given machine can be broken. To further complicate the issue, super computers are capable of performing up to 424,400 encryptions a second. So all six-character passwords can conceivably be broken in two days and all seven-character passwords could be broken in four months.