I think that it’s a sensible security feature to ensure that someone knows the existing password before changing it. Prevents session hijacking attacks etc.