My first server was totally exposed in the DMZ. I ran Windows RDP with the password "supersecret" for a long time also. I remember at one point also realizing that I could log in to FTP anonymously. It was horrendous security in those early days and I had no idea what the heck I was doing.
Don't scare everybody off because it's not a best practice. If his/her server gets pwned they'll fix, learn, and move on.
A password is fine for your fun server. It's not super secure. But you're probably not interesting enough to get pwned using it.
The problem is insecure PCs and servers are a net negative for the Internet as a whole.
I'm now on a fast enough connection with good enough hardware that if you were able to get into one of my desktops or even just the router, I'd be inadvertently sending out a lot of spam or "donating" a lot of bandwidth to a DDoS.
Also, scans of the entire IPv4 internet take less than an hour now, so there's absolutely no security-through-obscurity.