Whether a user profile owns objects, is in a group, is the group, etc.
should have no effect on whether or not you change the password.
What will have an effect is if you do stuff like have PC RMTCMD statements
tied to the old password, RUNRMTCMD for IBM i to IBM i communication,
embedded CONNECT TO ... USING statements using the password in the code,
Lotus Enterprise Integrator (or like techniques), java connections,
WRKRDBDIRE and a plethora of other things.
I say change it. It's too big of a security risk. It's worth the
possible disruption in business that may pop up because of imbedded