"LILO and GRUB allows users—the root users—to boot into single-user mode. Both have a password protection feature with a difference. While GRUB allows for MD5 encrypted passwords, LILO manages only text passwords, which anyone can read from the lilo.conf file with the command cat /etc/lilo.conf."
1) You can run chmod 600 /etc/lilo.conf so only root can
read the file thus the password.
2) <quote from lilo manpage>
The password may be specified in the config-file (less
secure) or entered at the time the boot loader is
installed. To request interactive entry of the password, it
should be specified: password="". Passwords entered
interactively are not required to be entered again if the
boot installer is re-run. They are cached, in hashed form,
in a companion file to the config-file, default name:
As you can see, lilo supports not only plaintext passwords
but encrypted too and this is supported for a long time.