It's not quite as secure as having a password, but you can force the proxy to listen on localhost-only (or any other specific addresss) by specifying it along with the port:
ssh -D 127.0.0.1:8080 some-host.elsewhere.example
This won't protect you from people who already have access to your host, or from people standing behind you, but at least folks on your network can't use your proxy.
