Never Change Password for distributor_admin for Local Instance Only in SQL Server?

replication, security, sql server

Per "Does distributor_admin need sysadmin?", distributor_admin needs SA, and per "Can the account name of 'distributor_admin' be changed?", the name cannot be changed.

The password is changed with sp_changedistributor_password. See "sp_changedistributor_password (Transact-SQL)" for details.

When the distribution database is contained on a local instance, a random password is generated and configured automatically. (Source)

What this all means is that when you have replication on a local instance (i.e. reporting database) no one knows what the password is. It would seem to be impossible to compromise the password. Assuming you are watching for and reporting on failed login attempts, you would know if anyone was trying to brute force the password. This leads to an argument where there is no good reason to actually change the password on a regular basis. You might want to change it on day one, if you don't trust the random password generation, but even that could add more risk than it removes, as now the password has been seen and processed with human contact.

Is there a good reason to change the password for distributor_admin for local instance only?

Best Answer

I posted a general question at security.stackexchange, "If no one knows a password, is there a reason to change it?" As of this writing it has 3 answers.

The consensus has two parts:

  1. If you know that the password cannot have been compromised, there is no reason to change it.
  2. But what if it was compromised and you don't know it? By not changing it you leave your system open forever.

Examples:

Is there a good reason to change the password for distributor_admin for local instance only?

Yes, if you can change it, someone else can change it and have eternal access. If you have a password changing policy, 'distributor_admin' should be included in that policy.
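If distributor_admin is included in a rotation policy, the change can be made so that no person ever sees the new value, which keeps the property the question relies on. The following T-SQL is an added example, not part of the original question or answer; it assumes a local Distributor and a sysadmin session, and the variable name and password length are choices made here.

```sql
-- Added example: rotate distributor_admin on a local Distributor without
-- any person seeing the new password. Run as a member of sysadmin.
SET NOCOUNT ON;

-- 1. Record the password age and policy flags before the change.
SELECT name,
       is_policy_checked,
       is_expiration_checked,
       LOGINPROPERTY(name, 'PasswordLastSetTime') AS password_last_set
FROM sys.sql_logins
WHERE name = N'distributor_admin';

-- 2. Build the password from CRYPT_GEN_RANDOM output (32 random bytes).
--    Upper-case hex, a symbol and lower-case hex are combined so the value
--    normally satisfies a Windows complexity policy if one is enforced.
DECLARE @new_password sysname =
      CONVERT(varchar(32), CRYPT_GEN_RANDOM(16), 2)
    + N'_'
    + LOWER(CONVERT(varchar(32), CRYPT_GEN_RANDOM(16), 2));

-- 3. Change it through the replication procedure named in the question,
--    so replication's own stored copy of the password stays in step.
EXEC sp_changedistributor_password @password = @new_password;

-- 4. Drop the value from the session; it is never selected or printed.
SET @new_password = NULL;

-- 5. Confirm the change took effect.
SELECT LOGINPROPERTY(N'distributor_admin', 'PasswordLastSetTime')
       AS password_last_set_after;

-- 6. The monitoring the question assumes: failed logins for this account
--    in the current SQL Server error log (log 0, log type 1).
--    Requires failed-login auditing to be enabled on the instance.
EXEC sp_readerrorlog 0, 1, N'Login failed', N'distributor_admin';
```

Scheduling this as a SQL Server Agent job covers both halves of the consensus above: the password stays unknown to everyone, and an undetected compromise stops being valid at the next rotation.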