If you leave Piwik open and logged in, anyone accessing the computer could change the email address or the password. Changing email address would allow to "reset" the password.

Therefore, as an extra security measure, we should require the old password to change the password or the email address.

When changing other settings inputting the password wouldn't be necessary.