You have to pass a empty password field if you dont want the password to be changed as the API requires that you pass either a new (cleartext) password or a empty field if you dont want to change the password.
So the corect script is:
$record_record = $client->client_get($session_id, $record['client_id']);
$record_record['limit_web_quota'] = 10;
$record_record['password'] = '';
$client->client_update($session_id, $record['client_id'], 0, $record_record);