If you use XAMPP as local development or testing environment (which is the only supported environment) there is no need to secure anything because you are secure behind your routers firewall. No need to confuse yourself.
But okay. The xamppsecurity page shows all the information you are missing:
MYSQL SECTION: "ROOT" PASSWORD
MySQL SuperUser: root
New password: [ ]
So it is obvious (for me) that you set a password for a user named root