If you have your ColdFusion site in a hosted environment and you do not require a username/password to connect to DSNs at the query level, you are basically giving anyone an open invitation to do whatever they wish with your database and your data within.
I know that sounds somewhat alarmist, but using the ServiceFactory, any developer can dump the DSNs on the hosted server and loop through connecting to each one. As a test, I did this on…. umm…. another server… somewhere else entirely, and found that of the 300+ DSNs on the server, easily 75% of them were wide open. I did this in 15 lines of code!
If you care at all about your site or your data, or even just care about good programming in general, there is no excuse not to take that step.