Permission levels needed for ChangePassword page

I am building an extranet site where the site users have very little security. If the users permission level omits view application pages, then browsing to the change password page results in an access denied page. If I grant the level 'view application pages', the users have read-only access to the site contents, which I do not want. What is the best way to expose the change password page without exposing the site contents?
If you're using an application page, why not do it as an anonymous access page (UnsecuredLayoutsPageBase) (even though you obviously have to be logged into to change the password). Some info on this is here:
Hi Chris,

Thank you for the quick response.

I ended up creating a site page with the change password web part, and then changing the path to the change password page in the FBA Site Configuration section.