If you call MembershipUser.GetPassword you will get a not implemented exception since MembershipUser applies to the old ASP.NET provider. Just some of the frustrations you typically see when using the membership provider model.
In SimpleMembership the password is stored in a different table/entity than the user profile information, and it is called webpages_Membership. SimpleMembership uses EF code-first but it does not give you direct access to the other entities it uses, besides the UserProfile. Everything else is hidden behind the WebSecurity class. So if this class does not provide you with what you need the only way I know to get access is to go directly to the database. Here is a way to do this that I verified works.
var context = new UsersContext();
var username = User.Identity.Name;
int userId = WebSecurity.GetUserId(username);
string sqlCmd = "select Password from webpages_Membership where UserId = " + userId.ToString();
string password = context.Database.SqlQuery<string>(sqlCmd).FirstOrDefault();