When wallet passphrase enrcyption becomes enabled, any unused keys from the keypool are flushed (marked as used) and new keys protected with encyption are added.
from
https://en.bitcoin.it/wiki/Wallet_encryption could be source of the confusion.
Which is cleared up by BookLover;
It is true that it prunes the "keypool", but this is simply a bunch of pre-generated keys which bitcoin-qt uses whenever it needs a new key. There's a lot more to this question than meets the eye but the simple answer is:
All coins in the addressess created before the encryption will be accessible to the thief. This includes coins sent to these addresses before and after the encryption.
And you can prove this to yourself very easily. Just do what you are suggesting.
I have done this on my test rig, but you can follow this demo and see for yourself.
From the command console of bitcoin-qt:
21:07:10
dumpprivkey 12JCRJTxKjwbucjdP12hZwa9TeqLjsmAP8 <-- this dumps the private key for the specified address
21:07:10
L25HtjefAu1RAhVTFQToBqMJ8sedpBYXtuwuYBUkCsG6MBmsWMeQ <-- this is the unencrypted private key of the address (no coins associated!)
encrypt wallet (test) <-- I used the gui to encrypt the wallet with the pass phrase of 'test'
21:14:02
walletpassphrase test 6000 <-- this unlocks the wallet using the encryption key of 'test' for 6000 /units of time/
21:14:29
dumpprivkey 12JCRJTxKjwbucjdP12hZwa9TeqLjsmAP8 <-- with the wallet unlocked dump the private key again
21:14:29
L25HtjefAu1RAhVTFQToBqMJ8sedpBYXtuwuYBUkCsG6MBmsWMeQ <-- and compare with the previous version
L25HtjefAu1RAhVTFQToBqMJ8sedpBYXtuwuYBUkCsG6MBmsWMeQ - the same!
