Are there any estimations for how many users were critically vulnerable to this potential attack, i.e. had unencrypted seeds in their wallet files? I've tried to do some research, but failed to determine if Electrum was always asking for password during new wallet creation process, or this feature was added with some version? Also, is password optional during creation?
Some users and media have misunderstood this vulnerability and started claiming that "Electrum is completely broken and anyone can steal your coins when you run it", which is simply not true, so it's better to clear this misunderstanding.