One would expect a certain level of security measures for a site that directly influences your financial situation. Most CRUD applications require you to put in your old password when changing to a new one. Apparently you can actually trade coins away from your account without typing your password on MtGox. That's just ridiculously unsecured.
I don't think that'd solve the problem though. His password was stolen. So the hacker had the password, and entering it twice would be the same barrier as entering it once.