Otherwise, whoever cracked the wallet.dat, would just take the funds isn't it? or he is naive enough to think that they would crack it, then ask for permission to take the funds? im assuming that's not the case here.
That's correct, however that's what people have been asking for in this forum repeatedly. For someone to crack their ('own' -- in reality: bought, fake) wallet.dat password, assuming the person doing it wouldn't then just go ahead and empty the wallet immediately.Maybe wallet scammers changed their strategy and now sell supposedly TrueCrypt-encrypted wallet files, instead, that when decrypted are still secured with a password.
Meanwhile it's just a /dev/random dump. 