I'm just concerned about this. If i add for example user foo and group foo using these:

$ groupadd foo

$ useradd foo

I still haven't given user foo a password. What if i'll be using user foo and group foo as squid's unpriviledge user and group? Can a hacker use foo to hack my system since it has no password at all? What's the secure way to add an unpriviledge user and group ? (if my method was insecure).