I just commited to phpMyAdmin trunk (will be released once as 3.1) few small patches, but the change is quite important - phpMyAdmin will now default to cookie authentication method and it will not allow to login as root user without password (unless it is explicitly enabled in configuration).
Reasons for both changes are simple - most people change default authentication to cookie in production environment anyway, so why not to make it default and giving remote access to freshly installed MySQL server has been always considered a bit security issue. Well it was an user problem, but why not to prevent such issues?
