As @montrealist says, using an insecure username and password combination on a local webserver installation that is not publicly accessible is not necessarily a security concern.
If the server is publicly accessible, a secure username and password should be used of course.