Well, the current passwords may no longer show up in the panel, but...
If you change the password, it is still echoed back on the following screen. A small risk of "shoulder surfing" and screen scraping still exists.
I would prefer a simple "password successfully changed" and nothing more.
I would also prefer storing md5 hashes instead of plain-text passwords. It can't be stolen if it isn't on the system.