I may be fairly new to Linux and the Raspberry Pi, but I don't understand what is such a problem with this.
It used to be that Raspbian had a default password for everyone and that was it... You had to know it was important to change it. Maybe not a good idea.
But it changed a while ago, and ssh got disabled by default with a warning if turned on with default password. Better...
But a few weeks ago, it got a LOT better and new installs now do ask for a new password by default. It may not FORCE you to do it, you can cancel, but it is there like it should be. I get the feeling that some people still don't know about this because it's only a few weeks old and you only see it on new installs.
Still, when folks use passwords like "12345678" and "abcdefgh", "What does it matter?" Forcing passwords ls buying into a never ending chain of tail chasing...next will require "good" passwords and so on ad nauseum. It will never end.
Even if forced, people can indeed use bad passwords and it really never ends.
Would it be better to be like Debian or any modern OS, maybe yes, but I really don't see the problem with the new versions that ask you for a new password.
(maybe there are more serious security problems, like using a 6 months old version of the world's most used browser by default... )