He means, don't just set your username and password in the configuration file and allow it to sit there without some sort of authentication so that random users can access it freely if they figure out the url.
Ah, OK. Luckily Phpmyadmin always asks for login/password data.
