Ah, I see. I've spent too many years working in IT to remove my password. I have enjoyed relaxing some of the rules imposed by my employer, since retiring (having to change my password every 90 days, in order to comply with Italian law, even though I'm UK resident, for example. I could understand 92 days, as you could then change it on the first day of each quarter).
I don't recall whether the 5 seconds of grace before the desktop locks was a default in XP, or if I'd turned it on somehow. I suspect it was a default, as I'm unlikely to have come across it otherwise. I found it useful on occasions, and it represented zero risk, as I worked from home, so no one was around to sneak in during those few seconds.