this is a typical behaviour of all software - to let an initial way of access not properly configured, they may turn indeed in security holes:
Your goal should be "good behaviour" not "typical behaviour"...
I think it is a case of trying to be too nice but with very limited benefit for a new user. I just found the line in the INSTALL file that references this:
b) try to login with your SIP client as user 'admin' with password 'heslo'
Well... that's not even the default password anymore, is it? So, anyone starting with 1.0.1 (which includes *everyone* new, as that is the top link at openser.org) will not use that convenience.
BTW, thanks for taking the time to respond to messages. I see you get to each one that has yet to be answered by anyone else (although someone did email me privately).
Thanks, -mark