Currently any credential definition change is considered dangerous, for e.g. pending registration requests using the credential. This is bit painful on large sites, so a better algorithm should be implemented, blocking credential updates only when an actual reconfiguration of credential is dangerous. E.g. changing credential reset notification channel is not dangerous.