Details
Type: Bug
Resolution: Fixed
Priority: Blocker
Affects Version: 0.1
None
Description
Steps to reproduce:
- Install the Change Request extension.
- Log in as a regular (non-admin) user, or as guest if Change Request is enabled for guests.
- Enable viewing hidden pages in your user profile or via the shortcut.
- Go to the profile page of an admin user.
- Click "Edit", then "Save as Change Request".
- Give the change request a title; you can also mark it as a draft to keep it out of the review queues. Click "Save".
- In the top navigation bar, click the last triangle to open the menu of child pages, then click the page representing the admin user you just changed.
- Download the XML attachment from the Attachments tab.
Expected result:
An error occurs at some point, or at least the resulting XML does not contain the password hash.
Actual result:
The XML file contains the password hash of the admin user, which allows efficient offline attacks against the password.
The affects version is just the version that was tested; all versions of Change Request might be affected.
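A practical check for the leak described above, and for the behaviour the expected result asks for, is to scan the downloaded XML attachment for the `password` property of the `XWiki.XWikiUsers` object and strip it before the document is stored or served. The script below is an added example, not code from the Change Request extension or from XWiki; the embedded sample is a constructed, minimal imitation of XWiki's document XML layout (`<object>` with a `<className>` child and one `<property>` wrapper per field), and the `hash:SHA-512:salt:digest` value is a made-up placeholder in the shape XWiki uses for stored password hashes. Both the layout and the hash prefix are assumptions here; adjust `USERS_CLASS` and `SENSITIVE_FIELDS` if a real export differs.

```python
import re
import xml.etree.ElementTree as ET

# Assumed XWiki identifiers (not taken from the report itself).
USERS_CLASS = "XWiki.XWikiUsers"
SENSITIVE_FIELDS = ("password", "validkey")
# Assumed shape of an XWiki stored password: hash:<algo>:<salt>:<digest>.
HASH_RE = re.compile(r"hash:[A-Za-z0-9-]+:[0-9a-fA-F]+:[0-9a-fA-F]+")

# Constructed sample: a user-profile page as it might appear in a change
# request's XML attachment. The hash value is a placeholder, not a real one.
SAMPLE_XML = """<xwikidoc version="1.3" reference="XWiki.Admin" locale="">
  <web>XWiki</web>
  <name>Admin</name>
  <object>
    <name>XWiki.Admin</name>
    <number>0</number>
    <className>XWiki.XWikiUsers</className>
    <property>
      <first_name>Admin</first_name>
    </property>
    <property>
      <password>hash:SHA-512:0123456789abcdef:fedcba9876543210</password>
    </property>
    <property>
      <email>admin@example.invalid</email>
    </property>
  </object>
</xwikidoc>
"""


def find_sensitive_fields(xml_text, fields=SENSITIVE_FIELDS):
    """Return (className, field, value) for every populated sensitive field
    found on an XWiki.XWikiUsers object in the document XML."""
    root = ET.fromstring(xml_text)
    hits = []
    for obj in root.iter("object"):
        cls = obj.findtext("className")
        if cls != USERS_CLASS:
            continue
        for prop in obj.findall("property"):
            for field in prop:
                value = (field.text or "").strip()
                if field.tag in fields and value:
                    hits.append((cls, field.tag, value))
    return hits


def find_raw_hashes(xml_text):
    """Format-independent fallback: look for the hash:<algo>:<salt>:<digest>
    pattern anywhere in the text, in case the XML layout differs."""
    return HASH_RE.findall(xml_text)


def redact_sensitive_fields(xml_text, fields=SENSITIVE_FIELDS):
    """Return (redacted_xml, removed_count): the same document with every
    <property> wrapper holding a sensitive user field removed outright."""
    root = ET.fromstring(xml_text)
    removed = 0
    for obj in root.iter("object"):
        if obj.findtext("className") != USERS_CLASS:
            continue
        for prop in list(obj.findall("property")):
            if any(field.tag in fields for field in prop):
                obj.remove(prop)
                removed += 1
    return ET.tostring(root, encoding="unicode"), removed


if __name__ == "__main__":
    for cls, field, value in find_sensitive_fields(SAMPLE_XML):
        print(f"LEAK: {cls}.{field} = {value[:16]}...")
    clean, n = redact_sensitive_fields(SAMPLE_XML)
    print(f"removed {n} sensitive propert{'y' if n == 1 else 'ies'}")
    print("still leaking" if find_raw_hashes(clean) else "clean")
```

The structural scan is the authoritative check, because it keys on the class that actually carries the credential; the regex pass is only a safety net for an export whose layout is not what the script expects. Removing the whole `<property>` wrapper rather than blanking the value keeps the document well-formed and avoids a later import writing an empty password over the real one.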