Hi Kyle,
One of the big problems that I can see with the password changing (and yes, I experienced that as well when I used the first version of FB and my brother got to my computer while I was logged in...) is that anyone can change the password WITHOUT HAVING TO ENTER THE PASSWORD AGAIN!.
Here is a usecase: User A logs into the site, leaves the room to get himself some coffee. Meanwhile, little brother of A thinks it would be hilarious to change User As password to something rude, User A comes back, works on site and logs out at the end of the day. The next day he cannot log in anymore. He asks brother, and brother has forgotten... User A is then in s**** since he has his work on there.
What I would suggest is that the user has to enter the password again when he changes his main password (eg OLD PASSWORD + NEW PASSWORD = CHANGED PASSWORDS)
Any possibility to have that?