Thanks to a successful Make It Happen on consolidated cron jobs, we can set just one cron job per site.
As described in the docs, you can set this cron job using either a "URL" method or a "CLI" method.
The URL method uses wget or curl to mimic a web page request as if it were made anonymously over the Internet. With this method, we certainly want to require a password to avoid having anonymous users hitting your cron job (which could be a vector for a denial-of-service attack). And CiviCRM rightly requires this password, refusing to run if it is missing or incorrect.
However, why are we requiring a password when using the CLI method?
If you have command line access to a CiviCRM install and you have read-access to the civicrm.settings.php file, you already have full access to the database.
If we require users to type a password when they run their CLI commands, it will in fact reduce security because:
There is a need to specify what user a cron job should be run as - however, the current cli.php implementation could provide for the ability to specify a user without a password.
What do others think? Am I missing anything? As a security issue, it's best to be safe!