PHP support variable-lengths argument lists. Simply put you can pass as many additional arguments as you want to any function and PHP won’t even blink.
If you look at the source of $wpdb->prepare() method it simply fetches all arguments with func_get_args() into variable and works with that. It doesn’t care about function signature (older or current either) at all.
So I think this is completely unrelated to your password issue, I’d try poking that plugin.
PS 3.2 is not that much different from 3.1, why problem upgrading? Running outdated version is trouble in the long run.