I would recommend disabling the setup express feature(
no setup expressin configure mode) as it really provides NO benefit in my eyes. It does not affect the password recovery feature(unless you are super paranoid, disabling password recovery can be disastrous).
My argument is that while a switch is powered on, there should not be this easy to essentially reboot the switch with a blank config, with the only way to remedy is renaming files via console cable. This can have one nosy user/janitor take down your switch until you can run out there with a laptop.