Thanks for the assistance. I changed my update statement to the following:
update secUser
set [password] = HashBytes('MD5', 'PW4' + cast([UserName] as varchar(100))),
HasChangedPassword = 0
GO
This gives me the original values I'm expecting since the code that checks the values is using a varchar.