This is a new one on me, but according to Microsoft, on Windows XP (and I assume Vista) the use of a blank password on a user account is more secure than the use of a weak password... like "1234" or "aabb". Why? because if a user account is created without a password, then that account cannot be accessed remotely. I have not tested this but I have to assume that they set a local security policy that blocks remote access if the account does not have a password.
Sounds like it's time for a lab test on this one.