He means, don't just set your username and password in the configuration file and allow it to sit there without some sort of authentication so that random users can access it freely if they figure out the url.
NT:
SQLYog allows that just fine
... For a third of the cost lol