As a tiny improvement in security and as a tiny step along the path of much bigger improvements in security, I will be changing the site so that you will be required to enter your old password in order to change your password.
I didn't want to just spring this change without warning, as there are probably quite a few people who have forgotten their PerlMonks password because their browser cookie is enough. But, in reality, this improvement shouldn't present much of a problem even for such people.
If you don't remember your password, then just make sure your e-mail address is up-to-date and request a "I forgot my password" e-mail (What's my password?). Yes, work has already been done to change that to send you a URL that gives you temporary access to change your password without knowing your current password rather than just e-mailing your current password, unencrypted, but that work has not yet been deployed (I hope to have it deployed fairly soon).