I think it’s quite insane that my whole Apple account only has one password. I need the same password for a whole range of actions. I need to type it to ‘buy’ a free app, which has almost no consequences; I can always remove it. But with the same password I can also remotely erase my iPhone, iPad an Mac. So I have no choice but making it a long, complex, strong password. Which stops me from getting free apps, as it’s a hassle to type on my iPhone.
Apple should really have two passwords: A simple 4 digit PIN for free apps (or, up to a threshold: Let’s say I could enable my PIN for apps up to $5). And you could then use your “real” password for features that need more security, such as find/erase my device, buy a $999 app, and so on.