Re: This is a controversial opinion, no doubt, but....
In fact I don't recall a regular Linux or other Unix installation process* that attempted to set a default root password. It's a feature of pre-built images which are used on IoT gadgets.
* Pi distros are something of an exception being based on regular distros such as Debian but are pre-built images. Although the default password should be changed - and a non-root ID set up - ASAP but if that isn't done and the OS got banjaxed by something like this the device itself isn't affected, the SD card can be reloaded. Too bad about any user data on it, however.