It’s probably my background with SME–in that environment, the server manager isn’t available to the WAN at all, at least by default. And that seems like a good security measure–if system administration isn’t accessible from the Internet at all, that closes off a lot of attack vectors. But it sounds like you’re saying that the only way a remote user can change his/her password is if the server manager is exposed to the Internet. That sounds like a lot of exposure for a very small operation.
Also in the SME environment, there’s a separate user-password page. I’d feel a lot better about exposing that than about exposing the entire server manager.
Can I expose it? Sure, it’s behind a pfSense router, so I can easily forward another port. But putting the server manager out on the Internet, protected only by a password (no matter how strong), doesn’t give me warm fuzzies.