by sabe__ 4828 days ago
I was not talking about retyping the new password, but about requesting the old password before you can change it. The reason you do this is because even if you theoretically could hijack the session, you still cannot hijack the account. But the priority seems a bit off when the password is more important than the account, which makes you believe that the people behind the sites only added the extra password validation because they have seen it everywhere else, and not because they understand the principle behind it.

It's to prevent people from being able to change your password if you step away from the computer for a few minutes to take a piss.
Exactly. The original commenter's point is that they prevent someone from changing your password, but they don't prevent that person from deleting your account.
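
The principle discussed in this thread, as an added example that is not part of any comment: one re-authentication gate applied to both the password change and the account deletion, so a hijacked or unattended session can do neither. `AccountStore` and its methods are hypothetical names, and the PBKDF2 work factor is a constructed value.

```python
import hashlib, hmac, os

ROUNDS = 100_000  # constructed work factor for this example

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)

class AccountStore:
    """Hypothetical in-memory user and session store."""
    def __init__(self):
        self.users = {}     # username -> (salt, password hash)
        self.sessions = {}  # session token -> username

    def set_password(self, username, password):
        salt = os.urandom(16)
        self.users[username] = (salt, _hash(password, salt))

    def _check(self, username, password):
        entry = self.users.get(username)
        return entry is not None and hmac.compare_digest(
            entry[1], _hash(password, entry[0]))

    def login(self, username, password):
        if not self._check(username, password):
            return None
        token = os.urandom(16).hex()
        self.sessions[token] = username
        return token

    def _reauth(self, token, current_password):
        # A live session is not enough; the caller must also know the password.
        username = self.sessions.get(token)
        if username is None or not self._check(username, current_password):
            return None
        return username

    def change_password(self, token, current_password, new_password):
        username = self._reauth(token, current_password)
        if username is None:
            return False
        self.set_password(username, new_password)
        return True

    def delete_account(self, token, current_password):
        # Same gate as change_password: deletion is at least as sensitive.
        username = self._reauth(token, current_password)
        if username is None:
            return False
        del self.users[username]
        self.sessions = {t: u for t, u in self.sessions.items() if u != username}
        return True
```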