There is no change and it works as it was designed, just not as many folks want it to.
Kid's Corner has one goal: to let non-owners of a phone request permission of the owner to access and use a subset of the phone's apps and data. Once the owner grants permission, the other user can play around and turn the screen off/on without the password, as long as the password inactivity timeout doesn't expire. (If your timeout is 15 minutes, your kid can play for 20 minutes, put down the phone to go to the bathroom, and come back 12 minutes later without needing you to re-unlock it because the 15-minute inactivity timeout didn't expire.)
A password is placed on a phone to prevent unauthorized people from using the phone. Many people who have passwords on their phones have them because their employer-provided email pushed an Exchange ActiveSync security policy to the phone and that policy mandated a password. Such policies are generally placed to product records that the company lets the employee access and to limit the legal liability of the employer. With appropriate policies in place (typically a password, inactivity timeout, and device encryption), employers may be able to escape disclosure notices and financial penalties in the case of a potential data breach (i.e., a lost phone containing or accessing company data).
Imagine if a user puts into Kid's Corner an app that accesses company data, that Kid's Corner is allowed to bypass the password, and that the phone is lost. Whoever finds the phone has access to private data (maybe it's your medical records, my financial records, or your kid's educational records). Because the user was allowed to bypass the security settings, the company cannot in good faith say that the data it held had remained confidential. A variety of federal and state laws now require the company to find out whose data was potentially lost, to contact them all to warn them of potential identity theft, often to pay for them to have a credit watching service for 1-3 years, and to sometimes pay fines to various state governments. And that's before anyone decides to sue.
It's in this context that a user's desire to let his or her kids play without asking permission first loses out to the cost of a data breach (a recent lost laptop case that I know had a $10M cost estimate). I can't imagine anyone in health care, financial services, or education (which all have breach disclosure laws to content with) approving the use of a device that could not be secured. The fact that you personally don't have such concerns doesn't mean that Microsoft can allow password bypass because none of the businesses needing protection would be able to trust such a device.