The default Ubuntu phpMyAdmin install asks whether dbconfig-common should be used. If you answer Yes, then:
- the install creates a new (MySQL) user named phpmyadmin with the password you supply
- this user is given rights only to the phpmyadmin database (with only USAGE on everything else)
- the new user's username and password are stored in /etc/dbconfig-common/phpmyadmin.conf, with the password in clear
phpMyAdmin is actually installed with auth_type=cookie, so it doesn't need any new users. You can log in as any existing MySQL user.
I'm having trouble understanding what the point of dbconfig-common actually is. User phpmyadmin doesn't appear to be needed, and only has rights on a database that isn't important to the end-user, and creating a new user increases the attack surface. If I drop the phpmyadmin user from MySQL, it doesn't seem to affect phpmyadmin functionality at all, except that I get a warning (access denied for user 'phpmyadmin'@'localhost').
Is dbconfig-common doing something else that's important, or should I try to set up the phpmyadmin config file manually? The current docs appear to be here, but they don't answer the question.
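As an added example (not part of the question, nor code shipped by dbconfig-common or phpMyAdmin): a small POSIX sh audit of the file described above, reporting which MySQL user and database it defines and whether the clear-text password is readable by other local users. It assumes GNU `stat -c` and the dbconfig-common key names dbc_dbuser, dbc_dbpass and dbc_dbname; the sample file in dbc_demo is constructed, not taken from a real installation.

```shell
#!/bin/sh
# Audit a dbconfig-common config file such as /etc/dbconfig-common/phpmyadmin.conf.
# The file holds the generated MySQL credentials in clear text, so the main risk
# is it being readable by unprivileged local users.

# Print the value of one dbc_* key (quoted or unquoted) without sourcing the file.
dbc_get() {  # $1 = file, $2 = key name
    sed -n "s/^$2='\{0,1\}\([^']*\)'\{0,1\}$/\1/p" "$1" | head -n 1
}

# Return 0 when the file has no group/world permission bits, 1 otherwise.
# Assumes GNU stat; %a prints the octal mode, e.g. 600 or 644.
dbc_perms_ok() {  # $1 = file
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# One-line summary: user, database, whether a password is stored, and whether
# the permissions are acceptable. The password itself is never printed.
dbc_audit() {  # $1 = file
    user=$(dbc_get "$1" dbc_dbuser)
    db=$(dbc_get "$1" dbc_dbname)
    if [ -n "$(dbc_get "$1" dbc_dbpass)" ]; then haspw=yes; else haspw=no; fi
    if dbc_perms_ok "$1"; then perms=ok; else perms=WEAK; fi
    printf 'user=%s db=%s password_stored=%s permissions=%s\n' \
        "$user" "$db" "$haspw" "$perms"
}

# Demo on a constructed sample file (not a real installation's config).
dbc_demo() {
    f=$(mktemp)
    printf "dbc_install='true'\ndbc_dbtype='mysql'\ndbc_dbuser='phpmyadmin'\n" > "$f"
    printf "dbc_dbpass='constructed-sample'\ndbc_dbname='phpmyadmin'\n" >> "$f"
    chmod 600 "$f"
    dbc_audit "$f"
    rm -f "$f"
}
```

Run `dbc_audit /etc/dbconfig-common/phpmyadmin.conf` as root on a real system; a WEAK result means the clear-text password is exposed to other local accounts.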