I can't speak on behalf of the core devs but I've been involved with TKL for a while so I think I can speak with at least a little authority. :)
Firstly a question for you. Not sure what you mean by "command line power tools"? Like TKLPatch? Or something else?
Some answers:
Passwords - You should be able to set passwords at first boot. I'm not sure why that didn't happen for you? Are you using the current release? (v11.x) Where/how are you running it? Live from an ISO/CD? Or is it installed to hardware or vm from ISO? Or imported vm image? Or are you using AWS? (If you launch AWS instance via TKL Hub you can set passwords prior ro launch).
Username(s) - I'll give you my 2c on usage of root below to keep my response somewhat corresponding to your post. So I'd say one of the reasons TKL uses default usernames is that TKL appliances are designed for a very wide audience. They are provided as a foundational product rather than a highly customised end product. On one hand they've got some nice customisations and additions, but in another sense they're quite minimalist. This means that as they currently sit, they should be fully functional and accessable OOTB for a 'newb' but also provide a great platform for customisation without requiring to much trimming for 'power users' and pros. Generally using default usernames shouldn't be an issue, and if you think it is, then they are generally pretty easy to change.
Hostname - Above also applies to hostname. The hostname is really easy to change if you wish. nano /etc/hostname and change it to whatever you want (<Ctrl><x> to save and close). If you are (or want to) using a FQDN then you will also want to edit /etc/hosts
Documentation - This is one area where TKL definately has some shortcomings. There has been some (slow) progress but it still far from ideal. By design most the the upstream docs (Ubuntu particularly) are relevant to TKL so that's at least of some help. I definately agree that it would be great to have clearer documentation on what the TKL tweaks and customisations are and their rationale. Some info iis buried here in the forums and the docs are absent without design or intention,it's just that the core devs are a 2 man team and their resources are limited. Everything they do, comes at the expense of something else cool they could be doing instead. I think that even if all upstream software development froze it'd still probably take them years to catchup with all the great ideas, suggestions and additions they have on their todo list. The devs are usually fairly responsive to questions. Although they can take a while to respond because of their ongoing commitments, they usually get there in the end.
root acount - I'm pretty sure that the devs have explained their rationale for using the root account but I can't find it ATM nor can I really recall fully. But I'll give you my 2c. Disabling root on a desktop system makes lots of sense. One important security concept is to only require as much admin power as required. On a desktop mostly you do not need root powers and when you do, sudo adds little work if you are only running a few commands, or there's always su if you want to run a few. It also reduces the chances of you destroying your workhourse with a casual command without due regard for the consequences! But on a server system it makes a lot less sense. All the software pre-installed and pre-configured on TKL appliances alreay runs under limited user accounts. So even if the services get hacked into, the damage will be limited. The apps pre-installed on TKL usually have their own user account systems, but these services all generally run under a specific limited webserver account.Often servers will be run as a single user environment (root the only useraccount that can login) so it makes little sense to have an extra user account, when they are run multiuser then generally you will not want those additional users having root access anyway (not even under sudo) so again it makes little sense to even have it installed (it actually increases security without sudo in that sense). The only extra security disabling root gives you is 'security by obscurity' and generally it's not that useful against any serious hacker. The core devs (Alon and Liraz) have history in the security field (both having experience in military IT security) so needless to say they take it very seriously. Still as I've already highlighted the system is highly configurable and if you wish to install sudo, create new (sudo) users and disable root, your able to do so pretty easily:
This should ask you a number of questions including the desired password. Password can be changed with the passwd command.
adduser <newuser> admin
Now you can logout and logback in as your new (sudo)user.
logout
Once logged back in you can disable root
sudo usermod -p '!' root
AWS - AWS is great and via the TKL Hub its really easy to use. I'm not 100% sure whether the free accounts are possible for use with TKL, you'll have to do a bit of reading of the Amazon fineprint. I thought that this question had been answered recently but I couldn't find it. Anyway assuming that the free accounts include use of small (&/or medium) instances (TKL AMIs are not available for micro or large instances) then I reckon you should be right. Probably easiest way to find out for sure, is sign up for one then try linking it to a Hub account and launching an instance and see if you get charged for it (don't forget to run a TKLBAM backup if you want to keep any data and shut it down when you've finished). It's pretty cheap by the hour but can clock up if you are running it 'always on'. There are significantly cheaper (although not as convienient) options if you're only hosting a few low traffic blogs (even the small instance is high spec for a basic TKL server IMO).
Hope my extended rant answered some of your questions. :)
Some answers...
I can't speak on behalf of the core devs but I've been involved with TKL for a while so I think I can speak with at least a little authority. :)
Firstly a question for you. Not sure what you mean by "command line power tools"? Like TKLPatch? Or something else?
Some answers:
This should ask you a number of questions including the desired password. Password can be changed with the passwd command.
Now you can logout and logback in as your new (sudo)user.
Once logged back in you can disable root
Hope my extended rant answered some of your questions. :)