Every week seems to bring a post here about security, and invariably they bring up issues that most of us know next to nothing about but which are discussed in terms that can worry some of us.
The fact is that those issues - when highlighted - are picked over and discussed by many people, and if there is any information then it will head our way (let's not go down the vulnerability issue here). But what you need to bear in mind is that for these 'risks' to be exploited it takes someone with the knowledge and very probably shared disk space with your site. So while it could happen, the risk is very, very, very small. (Which is not to say it should not be eliminated, I know... but anyway...)
The risk of your co-worker / lover / EX-lover / stalker / boss guessing the password you have used is much, much higher. They can sit there all day and all night plugging in the names of your pets, school, favourite colours, names, foods, birthdays, whatever they can think of - and they can do that from anywhere, anytime.
And this doesn't include any user logins, or passwords for private posts either.
WP gives you a random password for a reason - your security.
If you then change that "because it's too hard to remember" you have just weakened your installation. I get to see a lot of installs and passwords - and seeing the same user info for a blog login AND the cPanel login AND the MySQL login is not uncommon.
All that person you just annoyed has to do is guess one combination and your website is theirs. And it'll be your fault.
Get a password manager and use it.
Both of these below are free and are highly recommended by freeware sites.