Showing I'm not a completely blind apple-fanboy, looks like this is a big oversight from Apple: Lion permissions oversight lets non-admin user to change other account passwords.

"Oops."