Sounds crazy does it? In actuality, Microsoft built XP so that if there’s a blank password in the profile, then that profile is inaccessible remotely via the Internet or network. Thus, outside of physical access, the computer is safer than an easily guessed or easily brute forced password (eg. abc123).
Granted, I probably wouldn’t recommend a blank password in any situation but if you happen to have those that forget their passwords or use their birthdays or what not, then it might be prudent to actually set it up this way.