PASSWORD = passwo0rd or PASSWORD
I recommend, for public hotspot servers, to set
Then leave it blank in the config.
Then, users can login with any password.
This is what we do in the UK
Password is not required because having a widely published password means in effect no password at all
Passwords are only of any purpose if they are secret!
Host Repeater Password
I would recommend the same, unless repeaters are set-up on their own port manually, then you set password to whatever you want.
My opinion is that all public servers listed, for example, in pi-Star, should not require a password.