As of the stable version at time of writing (17.2.8.5):
The primary user documentation for passwordless sudo is on the Kicksecure Default Passwords wiki page.
Quote chapter Information / FAQ:
Advantage of setting a user account password:
- Administrative (“root”) rights authentication. (But this is a weak protection. See Prevent Malware from Sniffing the Root Password for a safer procedure.)
The full rationale and developer documentation can be found here:
Versions released higher than 17.2.8.5:
Huge improvement. When the user-sysmaint-split package is installed, account user will no longer have access to privilege escalation tools such as sudo, pkexec by default. Instead, the user needs to boot into sysmaint mode. (An opt-out is available. [1])
User documentation:
Developer documentation:
Written about this also here:
Replace sudo with doas - #35 by Patrick - Development - Whonix Forum