If you navigate down to the "Security" tab between "Status" and "Documentation" tabs how do I solve these questions bearing in mind that I am completely new to XAMPP
These XAMPP pages are accessible by network for everyone UNSECURE
Every XAMPP demo page you are right now looking at is accessible for everyone over network. Everyone who knows your IP address can see these pages.
MySQL is accessible by the network UNSECURE
This is a potential or at least theoretical security leak. And if you're mad about security you should disable the network interface of MySQL.
The phpMyAdmin user pma has no password UNSECURE
phpMyAdmin saves your preferences in an extra MySQL database. To access this data phpMyAdmin uses the special user pma. This user has in the default installation no password set and to avoid any security problems you should give him a passwort.
The MySQL user root has no password UNSECURE
Every local user on Mac OS X box can access your MySQL database with administrator rights. You should set a password.
The FTP password for user nobody is still 'xampp' UNSECURE
By using the default password for the FTP user nobody everyone can upload and change files for your XAMPP webserver. So if you enabled ProFTPD you should set a new password for user nobody.
Any help appreciated as I wouldn't know where to start with this