Currently there is no real way to set a registered user's password. This means that if a user's certificate is lost or expired, there is no way for them to retrieve their account.
An example of this is expiring certificates. There is no path to upgrade a certificate except by getting a password set on the server. You would have to get an admin to remove your account, let you re-register, then add you back to all of your groups. This is a real pain. I think that there should also be a way to add another certificate to your account without a password, but that is a separate issue.
I understand it isn't as secure, but for some people that is not as necessary and they just want convenience sometimes. Also, having a way to set a password should come with a way to remove passwords. This would solve the security issue as well because you can set your password, add the new certificate, then remove the password.