Board: Bitcoin Wallet for Android
Re: Should password really be compulsory?
by apetersson on 14/02/2014, 00:53:19 UTC
When the user of the Android Wallet wants to do a backup, he has to give a password; otherwise the application won't do the backup. Should the application really force the user to give a password? I mean, one of the biggest security risks when it comes to losing bitcoins is, in my opinion, forgotten passwords. Why not make it optional?

Yes, forgotten passwords are a risk.

However, if you back up without or with a weak password, it's extremely easy to leak your private keys. Backups need to be stored on public storage (the SD card aka "external memory"), otherwise you would not be able to move them to a safe place (off the device). Thus, any app can read your backup.

In future, you will be able to encrypt your wallet. This means you'll need to enter your password each time you want to sign a transaction. This will hopefully help to remember your password.

You can share custom URIs that your app provides to specific apps that can consume those files (think Google Drive, email, etc.). This is not perfect, but it is better than requiring SD card storage (which Google wants to remove anyways for usability reasons).
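The approach described in the reply above, sketched as an added example that is not code from the post or from Bitcoin Wallet for Android: the backup stays in app-private storage and is handed to one user-chosen app through a content URI with a temporary read grant. It assumes the AndroidX `FileProvider`; the class name, authority, directory and chooser title are hypothetical.

```java
// Added example; class name, authority and paths are hypothetical.
//
// AndroidManifest.xml, inside <application>:
//   <provider
//       android:name="androidx.core.content.FileProvider"
//       android:authorities="com.example.wallet.backups"
//       android:exported="false"
//       android:grantUriPermissions="true">
//     <meta-data
//         android:name="android.support.FILE_PROVIDER_PATHS"
//         android:resource="@xml/backup_paths" />
//   </provider>
//
// res/xml/backup_paths.xml (only this private directory is shareable):
//   <paths>
//     <files-path name="backups" path="backups/" />
//   </paths>

import android.app.Activity;
import android.content.ClipData;
import android.content.Intent;
import android.net.Uri;
import androidx.core.content.FileProvider;
import java.io.File;

public final class BackupSharer {
    private static final String AUTHORITY = "com.example.wallet.backups";

    /** Hands one backup file to the single app the user picks in the chooser. */
    public static void share(Activity activity, String backupFileName) {
        // <filesDir>/backups/ is app-private: other apps cannot list or read it.
        File dir = new File(activity.getFilesDir(), "backups");
        File backup = new File(dir, backupFileName);
        if (!backup.isFile()) {
            throw new IllegalArgumentException("No such backup: " + backupFileName);
        }
        // Throws IllegalArgumentException if the file is outside backup_paths.xml.
        Uri uri = FileProvider.getUriForFile(activity, AUTHORITY, backup);

        Intent send = new Intent(Intent.ACTION_SEND);
        send.setType("application/octet-stream");
        send.putExtra(Intent.EXTRA_STREAM, uri);
        // Grant flags apply to the Intent's data and ClipData, so attach the URI there too.
        send.setClipData(ClipData.newRawUri("wallet backup", uri));
        // Temporary, read-only access for the receiving app; the provider stays unexported.
        send.addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION);
        activity.startActivity(Intent.createChooser(send, "Send wallet backup to"));
    }
}
```

The receiving app (a cloud drive or mail client) keeps its own copy, so the backup password still matters once the file leaves the device.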