Expedition installation script gives root a simple password, SSH login

I'm evaluating Expedition to assist with an internal project, and while reviewing the installation script, I noticed a couple massive red flags.

First, the root account is given a hard-coded, easy to guess password: 'paloalto'.  This is done for both the Linux host, as well as the MariaDB service.  Second, the SSH service is reconfigured to allow root to log in remotely using a password.  These changes occur starting on line 97 of the initSetup.sh script.

    printTitleWait "Changing CLI root password to 'paloalto'"
    echo -e "paloalto\npaloalto" | passwd root

    printTitleWait "Installing SSHD service"
    sudo apt-get install -y openssh-server

    printTitle "Enabling ROOT ssh access"
    filePath=/etc/ssh/sshd_config
    lineToChange=$(grep -n "PermitRootLogin prohibit-password" $filePath | awk -F ':' '{print $1}')
    sed -i "${lineToChange}s/.*/ PermitRootLogin yes/" $filePath;

I've reviewed multiple versions of the admin guide, hardening guide, installation video, etc.  It is mentioned that it is very important to change the GUI admin account and expedition CLI user (for the older OVA build), but nothing appears to be said about the root account of the server.  I've also confirmed that the root account can indeed be logged into using this password via SSH, post installation.

What in Expedition requires the ability for root to be logged into with this password?  Can the CLI root account be changed, and SSH password-based login for root disabled?