Yes, I also think that nobody who owns a wallet file with several million USD in it would share it or if they would then not before they have been sitting on it for several years and many of the wallets here have been tried to be hacked for over 5 years. But I wonder if it wouldn't be possible to overwrite the part in the wallet with a new password?
But it would be cool if you would publish the hacked wallets and the corresponding password to test with. In the case of the 10,000 BTC, the only thing that stands out is that James1971 had previously written that he had the password.
Passwords are for decrypting ckeys in wallets, ckeys consist of private keys (not only).
If password fits in the first place, it is accepted by Core, but does not decrypt ckey=pvk, ckey is verified with checksum, and with these passwords checksums verified are not the ones for whole ckey.
As ckey there is also mkey for each entry in the wallet. Mkey is encryption key for ckey.
https://wiki.haxor.pl/index.php/Ckey_mkey