No, it just doesn't matter whether it has a password or not because the password is never used.
If you want to control what users can access the docroot folder, the best way is to set it up as follows:
set the owner to be apache2, and run httpd under the apache2 account. set permissions for the owner to r-x
set the group to be www, and add users who you want to allow to modify the docroot & its contents to this group. set permissions for the www group to rwx
set the permissions for all others to be r-x or --- depending on your preference
thus you should end up with
dr-xrwx--- apache2 wwww mydocroot
or something similar.