Hello,
It would be better if we changed the salt per installation. That'd be easier if GotS had an installer. I wonder how usable it'd be to make it part of the installation instructions.
The main security concern is that if someone gets a hold of your database, they'd be able to decrypt the passwords, since everyone has the same salt. If someone compromises the location at which we store the salt (like config.yml), changing it wouldn't matter a whole lot. But we should anyway.
I don't think there's going to be a way to regenerate the passwords with a new salt unless you reset everyone's password. GotS can't decrypt the password in order to regenerate it...