What is the proper way to either delete, disable or at least change the default password of the 'isis-module-security-admin' by means of code or configuration?
The module defines the SeedSecurityModuleService that runs the SeedUsersAndRolesFixtureScript that in turn sets up the account isis-module-security-admin account.
Currently this isn't configurable, but you could raise a PR against SeedSecurityModuleService where the IsisModuleSecurityAdminUser fixture script could use an @Inject ConfigurationService to read the value of the name to use from a config property, eg "isisaddons.module.security.adminUserName"
HTH Dan