By default, sendmail is a non-authenticated service. Its function is to send/deliver mail. It doesn't allow anyone to *check* their mail.
sendmail version over 8.8 should verify that the email is from someone on the subnet or list of allowed subnets. Beyond that, once you're through the filters, it will allow anyone to send mail through it.
If you want to have sendmail authenticate users, you can do it. Poke arround at http://www.sendmail.org/ .
I wouldn't recomend it - its just one more non-encrypted way to send your user info. Once someone sniffs your password, they can quite likely shell into your box and sudo to root.
So, I guess the lesson/theme is that unpassworded can actually mean more secure.