If I enable my Tor Control Port 9051 to allow all localhost connections to send signals and modify tor, what security risk do I run?
It is suggested I require password authentication for control port access but SAY I DONT, or cant -Generating tor controlport password
What will or could happen if I do not set up password? Thanks
The risk is fairly low depending on your configuration. Potentially, other applications on the system would be able to authenticate and send commands to your controller and affect the relay (which could include adding/removing hidden services or forcing you through a particular exit node which could expose your traffic to them).
The control port only binds to 127.0.0.1 so it wouldn't be reachable externally unless there was a port forward set up which would be a terrible idea to begin with.
If you were on a shared system, then any user with access could control your Tor instance.
