Why doesn't System.DirectoryServices.AccountManagement.UserPrincipal.SetPassword() take a System.Security.SecureString for the new password? Is there another approach to changing a password that does use a SecureString?
Not all password handling APIs in .NET use SecureString unfortunately. Not sure why, as the SecureString class predates the DirectoryServices.AccountManagement.UserPrincipal by several releases.
You could use the PowerShell cmdlet Set-ADAccountPassword, which does take a SecureString.