Hi HomerJ,
It would depend on the security level required within your organization is the defaults are acceptable for usage. Several clients have used the defaults throughout the years without negative consequences, but keep the following in mind if you chose to do so, the defaults have remained unchanged for years. This means anyone familiar with the default could use it to their advantage as long as they can get to the setups of your system.
If you accept the defaults, it is recommended to document what you have chosen so that you can have access to it as needed in the future, as recovery is not an option if you lose that information. One helpful tip would be to set the security and communications pass phrases to the same thing, this way if you are ever in wonder of what it might be, the communication passphrase shows within the site admin> configuration settings tab. With this tip you can always see it within site admin as long as you can access site admin.
Hope this helps.
Dan