For lack of a better name, certain accounts will be called "PAM Accounts," since they're authenticated via the Plugin Authentication Module login system. Due to the nature of so many different services not coded by me on this server, unfortunately not all services can use this system. PAM Accounts are normal user accounts on the server, and should you get physical access to the server you could theoretically login (I say theoretically because there isn't normally a screen or keyboard connected). All services coded by me (and a few that aren't) will use this system, and will be noted as such on their page. This system is far more secure than the others being used, so be aware.
At this time, I'm unable to allow password changes in a safe way outside of using "passwd" via SSH, however SSH access is restricted to a small group of people. Those who do have SSH access will be able to change their passwords at will using the passwd command. A fix for this problem is indeed on the todo list, but it's backlogged due to there not being enough information on the problem. If you have suggestions, especially any that would involve PHP, I'm all ears. I have ideas, but due to the low demand, this is a low priority issue.
All other accounts are mentioned by their services page.
I'm going to remind people here as well as the page for thelounge: passwords in thelounge are insecure and I don't have a good solution for it. I've limited read access to the files, but they are stored plaintext and due to the nature of the software, there's nothing that can really be done about it. This is a problem with the thelounge software, and the nature of how it works doesn't really allow them much choice on how to handle it, either. For more details, see this site's page on thelounge.