However, on many Linux distributions, the root password is set, with a default, and should be changed immediately.
THAT I haven't seen in the 22 years I've been using Linux. In the past most asked for your root password during installation. Raspian is "new" in that it is often distributed as an image, instead of being installed from the packages. This is possible because the hardware is so uniform, but it has the disadvantage that you'll have a "known password" on such a system.
Someone will be bitten by this in the future. For a ten-year-old it's great fun to have a raspberry pi scan for "new" raspberry pi's on the network, immediately login as user "pi" with the known password, and then sudo to add a new account for indefinite access to that pi (or actually SD image)....