I would say that if you don't need to use the SA account leave it disabled. If you need it make your own password that is secure enough. The one generated by setup doesn't really come into play since it is disabled at first (because you picked Windows during start up) and it is still disabled after you changed authentication.