>> Another idea is to change pg_hba.conf to not default to 'trust' but then
>> the installing user is going to have to choose a password.
Well, initdb already has an option to request a password. It would
perhaps make sense for initdb to alter the installed pg_hba.conf file
to select local md5 mode instead of local trust mode when this option is
specified.
> I like this approach. Set it to password (or md5) on local, and force
> the request of a password during initdb.
I don't like "forcing" people to do anything, especially not things that
aren't necessarily useful to them. On a single-user machine there is
no advantage to using database passwords.
regards, tom lane