Default empty root password should be documented

[George Mamalakis]

Hi all,

Recently on one of my systems I installed a jail from scratch (I usually 
copy my jails from other machines). Before running it, I checked to see 
if the password format was the one I was expecting to be with vipw(8) 
and I saw that the root password was empty. I understand that this is 
the case with "make installworld" and that it is also the case when 
installing a system from CLI; it's not the first time I noticed it, and 
I suppose there is a reason for root's default password to be empty and 
not starred out -probably to prevent someone from getting locked out 
from the machine accidentally before setting a root password-. 
Furthermore, I know that this is documented in jail(8)'s man page, but 
due to the security risk imposed when someone forgets to set a password 
for root, I see no reason why a reminder for setting the root password 
should not be mentioned in the Handbook's jail section as well, with 
bold fonts or in a warning-box.

Thank you all for your time in advance,

George Mamalakis.