Well, the thing is, you *reset* your password – you did not *change* it. If you had *changed* it (which does require knowledge of the old one), the existing encrypted files would indeed have been decryptable with the new password!
I guess we’ll have to be even more clear about the meaning of password reset. But then again, no additional harm was done by the password reset.
We do try, I really have to say this! We write a big warning in red text on the password reset page:
Still, we’ll have to try harder. Thanks for your input!