I really don't see the drawbacks to making the settings more configurable as long as it defaults to currently configured settings for a wiki. As long as what would trigger a forced password change can be controlled by the end user of the software, I can't think anything that should stop development.