If you have a fully redundant internal BGP, and are running all
12.2S/12.3/12.2T, then you can rather safely do the internal BGP
passwords without a customer notice, expecting no session drop but
knowing if one did you'd have routes via a second BGP reflector
anyway.
Just an FYI, when we changed sessions that had full routing tables on
them at 2am CST with barely any traffic, it causes malloc failures on
the Cisco 7513. So it's something I would reserve for a maintenance
window if you have one.