Noticed that with an encrypted SQLite database file you can change to a new password without specifying the old password. I know that to do this you have to be connected first (with the old password), but I wonder if it wouldn't be safer to only allow you to change the password by specifying both the old and the new password.
RBS
RBS