well we are making changes to the core of buddypress because in the settings of the profile user you can change the password but we have a plugin for policies about the password and we want to only use this for change the password
this is another tip for future versions of BP that you can use the core of the change password and not the BP
so dont worry if you tell me where is located this cookie we can set secure an make some test in the weekends because our site start to be auditing by third part with acunetix and they found some vulnerabilities maybe you can use this for audit the BP we are using BP and WPLMS template
