I am not really an MySQL administrative expert, so i always leave the root user untouched (i only set the password).
I create a dedicated user for a certain application and set it up to work from a certain host (i.e. Webserver). The access restriction will be set to a minimum as the application requires (only SELECT's etc).
For development i create a 2nd administrative user restircted to certain source host(s) with full database access.
I would be happy to hear from others (be it their solution or their crticism) :)
Level 197 Nanomage NT from Rimor speaking... err, wait: Wrong Forum!