@george1421 forgive me if my thoughts are incorrect, but I don’t think this is a big issue, though it should ask for it, I like that it doesn’t set a password like it did for me a while back.
The root user is usually defaulted to only be allowed by the local host now, so it not having a password isn’t a huge issue. As fog now defined and sets up a separate user, and doesn’t rely on the root for fog related items, I think this is okay.
Maybe running mysql_secure_installation should be run or suggested to run after fog installs?