By default an installation of XAMPP is passwordless, which is not so cool.
To secure it launch Terminal in Applications/Utilities and run:
sudo /Applications/XAMPP/xamppfiles/xampp security
This will put you into an interactive dialog with the command…
Here you can set 3 passwords:
- the XAMPP home page aka http://localhost/xampp/
- MySQL
- phpMyAdmin
- FTP
What you choose to secure or not is a matter of personal preference in a local development environment – at least do the MySQL root password and disable network access to it when prompted.