Thanks guys!
I tried the light wallet with a few IOTAs for testing.
Isn't it a risk having a seed that is not passport protected ?
How likely is it that with growing adoption or just by try and error someone enters another persons seed and gets all IOTA because no password is needed ?