Hi Kent
This is from the SetProtection method description and is to ensure certificates are not being changed by users after being issued. Unfortunately there is no option in the user interface to switch this off. By default Totara does not set a password and this is why it's possible to access without one.
The code that controls/enables this in the standard Totara certificate module is:
$pdf->SetProtection(array('modify'));Removing this/commenting it out from this from each of the four certificate types should remove the password protection (i.e /mod/certificate/type/XXX/certificate.php). You should not need to edit the tcpdf library at all ( lib/tcpdf/tcpdf.php).
Changes of this type would be considered a customisation and would need to be fully tested by yourselves (any issues that were a result of customisation would be unsupported).
Regards