But why would anyone not put a password for it?
Because my laptop has full drive encryption and is never unencrypted unless I'm actively using it. If someone can break that encryption then they can definitely break a password to some random application.
That's not really a good reason.
Your files can not be accessed when your computer is shut down, yes.
But malware could theoretically access these information while your computer is running. If ledger live is then protected by a password, no information can be extracted.
Otherwise you'd leak some information there.
Even though i believe that people using full drive encryption know how to protect against malware, this shouldn't be unmentioned.
For a standard user a password definitely is recommended.