To run a secure system, it's important that you change the default passwords. This page gives a way to randomize passwords.
The configuration repository supplies well known default passwords for services, typically defined in the defaults/main.yml file for any particular role. By convention all such passwords have a name that clearly indicates they are passwords, typically ROLE_PURPOSE_PASSWORD.
It's incumbent upon you to You should ensure that these values are overridden if you are deploying a non-development environment. There are real world examples for of folks losing their data because they had neither updated default password, nor ensured that access to services was blocked at the network.
Please do both and if you have questions about how to do so, ask on slackSlack.
Randomly Generated Passwords for New Deployments
One way to ensure that your passwords are overridden is to pass in overrides when you are installing Open edX using Ansible. Ansible let's lets you pass in a file of overrides using the -e@/path/to/file.yml convention.
...