but is it my responsibility to suggest they change the password? especially since a 'professional' it outsourcing company took it over?
The problem is 'suggesting they changed the password' is proof that although you no longer work for them, you tried using your credentials to regain access to their system.
If they are dicks, they might call up the police and press charges for unauthorized access to their computer system, even if you think you're just trying to be helpful, testing to make sure your creds are no longer valid.
This! In this case, suggesting they fix can do nothing good for you and they can potentially try to have you prosecuted for unauthorized access. You know you were fired, the letter proves you know that you aren't supposed to be able to access the systems, and it also proves you accessed the system. They won't have an epiphany and hire you back if you point out security flaws, in fact it is more likely they will shoot the messenger. Best case you get a thanks from a company that thinks IT is overpaid and screwed you over. Worst case they attempt to make your life miserable. Furthermore, if you still have access, how many other holes are still sitting around their network? Who else still has access? They don't need a letter helping them plug up a single hole, they need someone like you fixing their security, which ironically they don't have anymore.
I had the rare misfortune of being one of the first people to try and implement a PL/1 compiler. -- T. Cheatham