When configuring SSL for Kafka; If the truststore password is not set, Kafka fails to start with:
The truststore password is not required for read operations. When reading the truststore the password is used as an integrity check but not required.
The risk of not providing a password is that someone could add a certificate into the store which you do not want to trust. The store should be protected first by the OS permissions. The password is an additional protection.
Though this risk of trusting the OS permissions is one many may not want to take, its not a decision that Kafka should enforce or require.