At the first look it seemed to me that option allows "ssh free root login without any authentication", so just hitting Enter at PW request. But that is a misunderstanding of wording,
without versus
no.
From man sshd_config, that new default option says
PermitRootLogin
If this option is set to "without-password", password authentication is disabled for root
Disabled. That means, "all authentication methods allowed except password authentication", so if root wants to log in this is only possible via other authentication methods (host based or public key authentication). Even if root has set a password and you type it, login would fail without the correct pair of keys.
And don't forget, there is still
PermitEmptyPasswords=no set as default, which refuses login attempts to accounts with empty password strings.