So this means that the xprivkey is not deleted, but is rather disregarded for calculating new addresses (and a new xprivkey used for future receiving/change addresses), correct? This would make more sense versus deleting the xprivkey and saving the used private keys because the wallet size could suddenly explode if thousands of addresses were used with the "old" xprivkey, and might cause issues if you change the password to a cold storage wallet.
No. Whether the xprivkey is deleted or disregarded for new address generation does not matter. When a new address is generated, the public and private keys are immediately written to the file, just as Core does with the non-HD wallets. The private keys are not generated on the fly; instead, the private keys are written to the file upon creation. This means that the keys are already in the file when the password is changed, and just the unused keys (from the lookahead keypool) are deleted.
If this is not already the case, then I think there should be a prominent warning that a wallet will need to be re-backed up when the wallet's password is changed, as other HD wallet programs do not change the xprivkey when a wallet's password is changed.
Yes, there should be warnings, but I don't think there is even anything telling you to back up in the first place.
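A simplified model of the behaviour described in this thread, added here as an illustration and not code from Bitcoin Core or from any poster: it shows why a backup taken before the password change does not cover addresses handed out afterwards. The `ModelWallet` class, the `LOOKAHEAD` size, the seeds and the HMAC-based `derive` function (a stand-in, not BIP32) are all assumptions.

```python
import hashlib
import hmac

LOOKAHEAD = 5  # assumed keypool size for this model


def derive(seed: bytes, index: int) -> str:
    """Stand-in derivation (HMAC-SHA512, not BIP32): seed + index -> key id."""
    mac = hmac.new(seed, index.to_bytes(4, "big"), hashlib.sha512)
    return mac.hexdigest()[:16]


class ModelWallet:
    def __init__(self, seed: bytes):
        self.seed = seed
        self.next_index = 0
        self.used = []     # keys already handed out; stored in the file
        self.keypool = []  # pre-generated unused keys; also stored in the file
        self._top_up()

    def _top_up(self):
        # Keys are written to the file when created, not derived on the fly.
        while len(self.keypool) < LOOKAHEAD:
            self.keypool.append(derive(self.seed, self.next_index))
            self.next_index += 1

    def get_new_address(self) -> str:
        key = self.keypool.pop(0)
        self.used.append(key)
        self._top_up()
        return key

    def change_password(self, new_seed: bytes):
        # Per the thread: used keys stay in the file, only the unused
        # lookahead keys are deleted, and new keys come from a new seed.
        self.seed, self.next_index, self.keypool = new_seed, 0, []
        self._top_up()

    def backup(self) -> set:
        return set(self.used) | set(self.keypool)


def demo() -> dict:
    wallet = ModelWallet(b"constructed-seed-A")  # constructed sample seed
    before = [wallet.get_new_address() for _ in range(3)]
    old_backup = wallet.backup()
    wallet.change_password(b"constructed-seed-B")  # constructed sample seed
    after = [wallet.get_new_address() for _ in range(3)]
    return {
        "old_keys_still_in_file": all(k in wallet.backup() for k in before),
        "new_keys_in_old_backup": [k in old_backup for k in after],
    }
```
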