A hidden input field is passed as a type="password" html input field, with the value passed as with other input fields.
See if you can catch one of these in action--does the "old" password field have any data in it? Also, check the view-source to see if the old password is actually being set properly in the value attribute.
You can probably test some of this behavior on a normal password entry, by mis-keying once-- does the field re-display with any data, or empty?
Looking at the code, the only difference between a hidden unprotected and a non-hidden is the type="text" for the non-hidden and type="password" for the hidden.
Perhaps a work-around while this is resolved would be to slap a template on this one, and not send-out the "old" at all, in case the password type input clears any value="data"...