User::setPassword() is going to be deprecated. You could inline the method if you really want to keep the ability to import users with a password rather than generating a temporary password that they are required to change on the next login, although I'd suggest doing the latter.
Note that the "Replace existing users" feature is very likely to lead to users where the old owner of the account can still access it with non-password-based authentication methods.