The root user in Raspbian has no password; therefore it is inherently secure. Clear as mud, eh? ;)

It's set up in a special way so that A) the root user has no login access and is only available via sudo, and B) so long as your pi user has a good password (or SSH key access only), then you're golden, as the pi user is by default the only user allowed to sudo.

If you set a root password, then you've opened up an attack vector, as the root user will then have login access.