Our experience with Bluetooth headsets tells us that you first have to place it into discoverable mode before any other device can connect to it, but this video claims otherwise.
The man in the vid explains that just by knowing the default code (0000 on just about every headset) and spoofing your device as a phone, you can remotely inject sounds or record audio from a headset. With a strong enough antenna, you can even do this from up to a mile away. So what can someone gain from this exploit? Mostly just listening to people's conversations without their knowledge, but playing back sounds into their ear could be pretty fun. [5min]