I will log a bug for this, it was corrected in the security assist update user b=page, but not for pages created by data assist.
remove the required validation for the password filed, and remove the initial value for it.
then in the update record wizard, the code for the password binding may look like this:
<?php echo ((isset($_POST["UserPassword"]))?WA_SHA1Encryption($_POST["UserPassword"]):""); ?>
this is a ternary expression that will check to see if the password element has a value, the second parameter is set to pass a blank if it does not have a value, change that to use the recordset column if the password is left blank:
<?php echo ((isset($_POST["UserPassword"]))?WA_SHA1Encryption($_POST["UserPassword"]):$row_WADApcms2_users["UserPassword"]); ?>