I'd like to setup a PPPoE server with MT that will terminate any username and password. What is the best way about doing this? Will setting up a blank SECRET name make this work or can you add an asterisk as a wildcard?

You can do this with Radius

Can it be done without Radius?

Not that I'm aware of. Usermanager nor ppp secrets would have the functionality you desire. You will have to use a rather custom setup of Radius. I understand the requirement for it, but it's not something that's done very often.

Even then, radius is unable to send access accept for encrypted connections. Only PAP will go. And, because windows is setup to try PAP only if nothing else is available, majority of connections will not pass. It can be done if Mikrotik is setup for PAP only. And, even then, there will be windows computers setup for required encryption... So, there is no solution for all cases...

yes, mschapv2 requires that both client and server know the password (so that fake server cannot sniff passwords)

Exactly, both sides use known password to encrypt data and exchange keys. If they succeed, then password is correct...