While I think this is a worthwhile enhancement, it won't fit all use-cases. In particular, the password change should only be allowed if the auth backend supports it (probably only for builtin-auth). Allowing email changes should probably also be configurable. I use LDAP usernames, which have a 1:1 relation to email addresses, so I don't want users messing with this.
Aside from some tiny bugs/style issues, this looks good. Committed with minor changes. Thanks!