Comment 4 for bug 882255

Alessandro Menti (elgaton) wrote : Re: No root access after setting password to 'None'

Actually, leaving any user account that can sudo to root without a password leaves the machine potentially open to intruders. If someone exploits a vulnerability and gets access to a shell, he could potentially gain root privileges on that box. It takes only one insecure account to compromise the machine. Moreover, physical intruders would be able to log in to your account quite easily.

I have looked at the Ubuntu security policies; this is the actual policy for Sudo/root passwords:
<https://help.ubuntu.com/community/RootSudo>

There is, in fact, a procedure that disables the password prompt for sudo (it's described on that page under "Remove Password Prompt For sudo"), but it's officially unsupported.

Nevertheless, I agree with you, in a certain kind of way: there is a discrepancy in the way passwords are handled, so either 1) the check is done and the password prompt for sudo is disabled every time an empty password is chosen (maybe editing the configuration files for PAM or sudo may fix the issue once and for all), or 2) empty passwords are disallowed altogether (this choice, from a security point of view, is much better; on the contrary, it may be annoying, for example, for users who want to log in automatically at boot time or who do not need a password for technical reasons - the system "database" users for PostgreSQL and MySQL are a good example).

Personally, I'd opt for the check being done, although there should be a warning against using empty passwords.

I'm asking in the IRC channels for further advice.
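
An audit for the situation this comment discusses, added here as an example that is not part of the original comment or of any Ubuntu tool: it flags accounts whose shadow password field is empty and that are also named in sudo rules (directly or through a group), plus any `NOPASSWD` rules. The sample file contents are constructed, and the sudoers parsing is a simplification that ignores aliases, included files and primary groups.

```python
# Added example: constructed sample data; simplified sudoers parsing
# (no aliases, no include handling, no primary-group lookup via passwd).
SAMPLE_SHADOW = """\
root:!:15300:0:99999:7:::
alice::15300:0:99999:7:::
bob:$6$constructed$hashvalue:15300:0:99999:7:::
carol::15300:0:99999:7:::
"""
SAMPLE_GROUP = "sudo:x:27:bob\nadmin:x:110:alice\nusers:x:100:carol\n"
SAMPLE_SUDOERS = """\
# constructed sudoers fragment
Defaults env_reset
root ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
bob ALL=(ALL) NOPASSWD: ALL
"""

def empty_password_users(shadow_text):
    """Accounts whose shadow password field is empty (no password set)."""
    users = set()
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0] and fields[1] == "":
            users.add(fields[0])
    return users

def sudo_principals(sudoers_text):
    """Map each user or %group in a rule to True if any of its rules has NOPASSWD."""
    rules = {}
    for line in sudoers_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "Defaults")) or "=" not in line:
            continue
        who = line.split()[0]
        rules[who] = rules.get(who, False) or "NOPASSWD" in line
    return rules

def audit(shadow_text, group_text, sudoers_text):
    rules = sudo_principals(sudoers_text)
    can_sudo = {who for who in rules if not who.startswith("%")}
    for line in group_text.splitlines():
        f = line.split(":")
        if len(f) >= 4 and "%" + f[0] in rules:  # group is named in a sudo rule
            can_sudo |= {m for m in f[3].split(",") if m}
    return {"empty_password_sudoers": sorted(empty_password_users(shadow_text) & can_sudo),
            "nopasswd_rules": sorted(w for w, flag in rules.items() if flag)}

if __name__ == "__main__":
    print(audit(SAMPLE_SHADOW, SAMPLE_GROUP, SAMPLE_SUDOERS))
```

On a real system the three inputs would be the contents of `/etc/shadow`, `/etc/group` and `/etc/sudoers`, read as root.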