By default it won't have a password.
On Mac OS X server (and a lot of linux systems) the web server is set up to run as a special user called www. This protects your server, since (as you've figured out) www is a special user without a password and with no permission to log on to the machine (graphically or via ssh). This means that if your web server is ever compromised, any attacker will have very limited ability to damage the server. I heavily recommend that you leave it this way, especially if you're running live sites on your server. Of course, if it's just your own personal server with nothing important (i.e. clients sites) on it, it's not so important.
If you want to FTP files, your best bet is to:
- Create a user group called 'www' if one doesn't already exist
- Create a normal user that you'll use to FTP, and add it to the 'www' group
- Set your webroot (and all files in it) to be owned by the www group with write privileges.
This doesn't help you if you have no physical access to the machine. If this is the case, you can always ssh into the server as an administrator, type sudo -s to get a root terminal, then change the files as you see fit. Just make sure the permissions are set correctly for any files or folders you create, or www won't be able to modify them (important for things like WordPress's upload folder).
chown -R www /path/to/web/folder