To reproduce (you will need a 1.9 and a 2.0 installation to compare)..
In the 'validate_internal_user_password' function in lib/moodlelib.php add an echo or similar to display the password as it is inside this function. Login to each Moodle in turn with a password that contains double quotes and a manual user (no need to be the real password for that user).
If, for example, the password was pa"ss"word (with the quotes), the echo in the validate function in 1.9 will display....
The same thing in 2.0 will produce
Presumably the same thing happens when the password is created or changed. However the result is that a password with quotes that worked in 1.9 will fail after an upgrade to 2.0. As many people will be using non-alphabetic characters in their passwords (as recommended) this is likely to be a serious issue for upgraders. The only reason it isn't a blocker is that password recovery should get you out of trouble!!