When considering if auto login is a risk, we must first know the use for the machine.
For example, when it’s a public machine, having autologin is not really a problem if sufficient safeguards are put in place to prevent abuse.
Think of machines like kiosks, ATMs or other public service machines.
When we are talking about a personal machine, it depends on the use. If it’s for someone that cannot be expected to enter a password, it could be OK to have autologin. (Think of users like people with memory issues / dementia, or users that are really old / need some sort of assistive technology, like poor eyesight / blind or mobility limited / in a wheelchair.) In such cases alternative safeguards are needed to protect the user and system, because a password is not an option.
If it’s for a normal person without limitations in use of the machine, the risks of autologin are far greater than the benefit it offers.
If ease of login is wanted, you could consider using a login stick instead of a login password (like a YubiKey or similar).
If the machine is mobile, no password is a no-go (imho); the same goes for encryption of the disk (I consider that a must-have). These things are impossible to combine with an auto login.
As always, first consider what someone could do with the additional permissions (no login in this case) that you think are unwanted or a risk.
Then consider the “cost” of having the feature in place, not just the cost in money but also the cost in time and effort.
Security is a game of having the most gains while keeping effort reasonable.