What type of username/password security is there? (for example sharing a
Cassandra db between applications, and isolating their access controls)

Also I should point out, that the default startup script for Cassandra also enables the Java debugger and JMX connections from anywhere, both of which are probably even more security risks than Cassandra's own protocols.