If you ever expect to connect your IIgs to a network (including the internet) it is recommended that you password protect all of your GNO user IDs. This is done with the passwd(1) command; see the manual page for details.
Because there is no inherent security features in the Apple IIgs in general (or GNO in particular), password protecting accounts on a stand-alone machine does not gain any real level of security; if someone has physical access to your IIgs, then they can get anything off of it that they want to. On the other hand, password protecting your accounts can't hurt, and it is an excellent habit to get into. (Rather, not password protecting accounts is a very poor habit to get into.)