Before a server admin is configured, all clients have admin privileges. This is fine when HTTP access is restricted to trusted users. If end-users will be accessing this CouchDB, you must create an admin account to prevent accidental (or malicious) data loss.
Server admins can create and destroy databases, install and update _design documents, run the test suite, and edit all aspects of CouchDB configuration.
Non-admin users have read and write access to all databases, which are controlled by validation functions. CouchDB can be configured to block all access to anonymous users.
CouchDB has a pluggable authentication mechanism. Futon exposes a user-friendly cookie-auth that handles login and logout, so app developers can relax. Just use $.couch.session() to load the current user's info.
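The validation functions mentioned above are what limit writes by non-admin users. The following is an added example, not code from CouchDB or Futon: a validate_doc_update function that restricts each document to its author, run against constructed user contexts to show that it restricts nothing while every client still holds the _admin role. The author field and the user names alice and bob are assumptions.

```javascript
// Added example. In a design document this function is stored as the string
// value of the "validate_doc_update" field; CouchDB calls it on every write.
function validateDocUpdate(newDoc, oldDoc, userCtx, secObj) {
  // Server admins carry the "_admin" role and are exempt in this policy.
  if (userCtx.roles.indexOf('_admin') !== -1) { return; }
  // Anonymous clients arrive with userCtx.name === null.
  if (!userCtx.name) {
    throw({unauthorized: 'Log in before writing.'});
  }
  // "author" is an assumed document field naming the owner.
  var owner = oldDoc ? oldDoc.author : newDoc.author;
  if (owner !== userCtx.name) {
    throw({forbidden: 'Only the author may change this document.'});
  }
  if (!newDoc._deleted && newDoc.author !== userCtx.name) {
    throw({forbidden: 'The author field must stay set to your user name.'});
  }
}

// Local stand-in for CouchDB's handling of the thrown object:
// forbidden maps to HTTP 403, unauthorized to HTTP 401.
function tryWrite(newDoc, oldDoc, userCtx) {
  try {
    validateDocUpdate(newDoc, oldDoc, userCtx, {});
    return 'accepted';
  } catch (e) {
    return e.forbidden ? 'forbidden' : e.unauthorized ? 'unauthorized' : 'error';
  }
}

// Constructed user contexts (sample data, not captured from a server).
var alice = {db: 'notes', name: 'alice', roles: []};
var bob = {db: 'notes', name: 'bob', roles: []};
var anonymous = {db: 'notes', name: null, roles: []};
// Before a server admin is configured, an anonymous client looks like this.
var adminParty = {db: 'notes', name: null, roles: ['_admin']};

var stored = {_id: 'n1', author: 'alice', text: 'v1'};
var edited = {_id: 'n1', author: 'alice', text: 'v2'};
var deleted = {_id: 'n1', _deleted: true};

console.log('alice edits own doc:   ' + tryWrite(edited, stored, alice));
console.log('bob edits alice doc:   ' + tryWrite(edited, stored, bob));
console.log('anonymous creates doc: ' + tryWrite(stored, null, anonymous));
console.log('admin-party delete:    ' + tryWrite(deleted, stored, adminParty));
```

The last call is accepted because the function exempts _admin, so a policy written this way only takes effect once a server admin account exists.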