Furrin_Gok said:
Wait, would our password be sent in requests if we've been logged in the entire time, or only if we had to re-enter it?

Only if you had to re-enter it. It would still be wise to change it as a precaution, even if you did not log in during that period, but the choice is yours.