In a nutshell ... sp_password_rep bypasses some normal sp_password prerequisites thus making the replication of password changes easier, while also providing some level of security ...
- sp_password requires the caller's password to be supplied; while repserver could technically pass the caller's password (for the PDS caller or for the RDS maint user), sp_password_rep bypasses the requirement to supply the caller's password
- the new password is sent in a binary/encrypted format (as opposed to plain text => could be considered as a security issue); sp_password is not designed to handle the password in binary/encrypted format; sp_password_rep *is* designed specifically to handle the password in binary/encrypted format