hi, i keep my root unprotected, so i consider it safe.
Those are attempts at exploiting old bugs not present in current version.
Still those messages are annoying to look at. It would be nice if someone comes with filter to avoid those requests from being received/displayed, even just for peace of mind.
Bugs can be nasty, every software has some from time to time. Point is: adding authentication is not necessarily a solution, it just depend if the bug is accessible without of it interfering.
In real world you should just keep your software updated and check there is no known security problem with latest version.
This is true for any software out there.
btw, i'm working on HFS 3 these days. I hope it will officially replace "current" version in 1-3 months. I already use it with great satisfaction.