Since Coinomi is closed source, shady and has a history of doing very insecure things such as sending your seed phrase to a remote server, we can not know what actually happened or whether your seed is correctly encrypted with AES256. Their implementation could be flawed which could allow decrypting the file easily by exploiting it. Or maybe they are sending your seed out to a remote server again that was stolen on its way out!