First I just want to say thanks for the great plugin and support.
I too want the ability require password change on the user's first login. Currently I am allowing users to set their own password on registration, but I've been contacted by several of my users pointing out that their password then gets sent to them via email in plain text, which isn't very secure. I believe it's WordPress itself, not TML, that sends that email, but I haven't yet figured out how to shut it off. So I think the safest thing to do would be to send them a default password when they register, then require them to change it.