Form passwords are a primitive way to offer protection for form authors. They can be of any length and consist of any characters. They are sent in plaintext over the HTTP connection, which leaves them readable by anybody tapping the network (I must admit I don't believe there is anybody). Another possible security hole is that if your web browser caches the pages you receive while editing the form, the passwords will be in the cache in a readable format.
So the system offers no tight protection; it partly depends on no one being malevolent enough to try to get the form passwords while somebody is editing the form. However, once you are done editing the form, there is no way for outsiders to get the form password - at least not any way that I know of.
However, as there is the possibility of somebody tapping the password when you are editing the form, you should not use the passwords you have in other systems as form passwords. Moreover, as tapping is a greater security hole than guessing passwords, one can choose very easy-to-remember passwords for one's forms.
At present, the results of a form are not protected in any way. This might change in the future, but as it stands, the system should not be used to receive sensitive or confidential information.
This convention has been chosen for the following reasons:
Even though the answers are browsable by everybody, they cannot be altered by anybody (not even the answerer, nor the form owner). While this makes the system somewhat strict, it provides good answering security without having to rely on clumsy authentication systems like the form password system.