Programmin' Prim8

Symptom: Everything works fine with no mysql root pass set. Eventually you listen to the good imp on your shoulder and set a nice password. Ahh .. life is good, or so it would seem until you flush-privileges, reload or reboot, and find yourself locked out of mysql. Rinse and repeat.

XAMPP 1.4.15 is shipping MySQL 4.1.13 with pre 4.1 mysql.user table structure. This becomes a problem when the --defaults-file option for the service points at a non-existant path, bypassing the old-passwords option which XAMPP apparently assumes everyone will be using.

Long story short, I recommend:
A) You probably want to do this either way. If you ever plan to use the new password hashes, they are not going to fit into 16 bytes.
mysql> use mysql;
mysql> alter table user change Password Password varchar(41) binary DEFAULT '' not null;

B) If you want to make sure your service is loading the my.cnf properly, edit registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mysql\ImagePath
set it to something like:
"C:\Program Files\xampp\mysql\bin\mysqld-nt.exe" --defaults-file="C:\Program Files\xampp\mysql\bin\my.cnf" mysql

C) Now your xampp\mysql\bin\my.cnf file will be read, and you can pick for yourself if you want:
old-passwords or #old-passwords.