There was no text file with the phrase. And I haven't logged into Electrum since January. None of this is stored in decrypted form anywhere else. Knowing only the password, assuming it is impossible to access the wallet. So another option suggests itself - the vulnerability of Electrum itself, the specified version. It was this executable file that was last executed in January. And it was taken from the link from the previous version, also from the official location.
Can you clarify these a bit?
Do you mean is that when you created the wallet it didn't give you a text/seed phrase?
There is a vulnerability on Electrum before but it was fixed on 3.3.4 lower versions are still prawns to phishing you might have an older version than 3.3.4 and recently updated it to the latest version. Since you said that you downloaded the latest version by using the link from the previous version which is possible a phishing site.
And did you just install it without verifying the installer with the GPG tool?
I don't have any issue using the latest version but if you believe that it's a vulnerability you are free to report it directly on their GitHub page and then bring some proof that there is a leak.