It sounds like the old software performed these steps when creating a new wallet: Generated keys/address/etc. and wrote this data to a new wallet file. Read the file back in, applied the encryption password, and wrote the data back into the same file.
This means that for a brief instant, the file contained unencrypted data stored on your drive. Additionally, there are two long term vulnerabilities:
1. Depending on the OS and file system, the second write might go to a new logical allocation block on the drive. Thus the data in the old block remains - waiting for a file recovery program to sleuth it out.
2. If you are using an SSD, then by their nature, the second write goes to a new sector. The old sector gets added to the queue of sectors waiting to get bulk erased to ready them for another write. Once again it may be possible to read every physical sector looking for keys.
