Received an email from support telling me that I needed to change the password on one of my VPSs because it was old. First one of these that I have gotten and at first I thought maybe it was a scam. Honestly, this is a game I don't want to play. If your server is properly secured and firewalled, an old password is no more vulnerable than a new one. Take the feedback for what it's worth. I think you are overstepping.