The following hack allows users to change their own email password in roundcube 0.2-stable.

Updated: Thanks to Lukather from a bug which wiped out email passwords has been fixed

**Step 1. Modifying program\steps\settings\
Aproximately near line 28, there is a block where an array is declared. It starts with “$a_user_prefs = array(“. Just add the following line under the “‘prefer_html’ => isset($_POST[‘_prefer_html’]) ? TRUE : FALSE,” line

// Password MOD
'password'  => isset($_POST['_password']) ? TRUE : FALSE,
// End Password MOD

Now after the *foreach ((array)$CONFIG\[‘dont\_override’\] as $p)* near line 39, add the block which handles password saving to DB

// Password MOD
if (isset($_POST['_password']) && !empty($_POST['_password']))
$tmpEncPass = YourEncryptionFunctionHERE($_POST['_password'], "");

mysql_query("UPDATE CCC.TableWithPasswordHERE SET password = '".$tmpEncPass."' WHERE username = '".$_SESSION['username']."'")
or die(mysql_error());

$_SESSION['password'] = encrypt_passwd($_POST['_password']);
// End Password MOD

In case your database holds encrypted user passwords, put the name of the hashing function in place of YourEncryptionFunctionHERE. If you are storing MD5 hashes of the password in your database and the hashing function you use is md5, you would be writing that instead of YourEncryptionFunctionHERE. Don’t forget to change the query in mysql_query to make it work with your database.

Step 2. Modifying program\steps\settings\
Near line 161, look for “if ($table->size())“. Before this line, add the following block:

// Password MOD
$field_id = 'rcmfd_password';
$input_password = new html_inputfield(array('name' => '_password', 'id' => $field_id, 'size' => 20));

$table->add('title', html::label($field_id, /*Q(rcube_label('skin'))*/ 'Password'));
$table->add(null, $input_password->show());
// End Password MOD

Feel free to ask for help by writing a comment!