Post
Topic
Board Bitcoin Technical Support
Re: How bad firewall settings can make you lose 75 BTCs
by vuce on 26/01/2012, 08:26:32 UTC
Aren't private keys encrypted, therefore even with open RPC one would still have to decrypt them before a transaction could be made?

No, RPC is there to allow control of bitcoind by other programs. Like, imagine you have a website that needs to perform payments automatically. Your web server contacts bitcoind and requests the payment. If authorized, bitcoind performs the payment. It doesn't matter if the keys are encrypted or not, as it is the bitcoin software itself that's signing and sending the transaction. It can decrypt the keys if needed.
The hacker did not steal a private key. It managed to access bitcoind and control it, requesting the payment through the RPC interface. Bitcoind treated it as a legitimate request.
Normally this control interface should not be publicly accessible, but in this particular case it was.

Do you see the difference?

OK I get it. I assumed one would still have to input the wallet password, but it wouldn't make much sense using RPC if it couldn't do anything by itself, thus making wallet password moot.
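
Added example, not part of the thread: a small audit of a `bitcoin.conf` that flags RPC settings which would let non-local clients reach the control interface discussed above, independent of whatever the firewall does. The sample config is constructed, and the 20-character password threshold is an assumption of this example.

```python
import ipaddress

# Constructed sample bitcoin.conf for illustration (not taken from the thread).
SAMPLE_CONF = """\
# payment backend
rpcuser=bitcoinrpc
rpcpassword=hunter2
rpcallowip=*
rpcallowip=127.0.0.1
"""

MIN_PASSWORD_LEN = 20  # assumption of this example, not a bitcoind rule


def parse_conf(text):
    """Parse key=value lines; repeated keys such as rpcallowip accumulate."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts.setdefault(key.strip(), []).append(value.strip())
    return opts


def is_loopback_only(entry):
    """True if an rpcallowip entry can only match loopback addresses."""
    if "*" in entry:  # old-style wildcard, e.g. 192.168.1.*
        return entry.startswith("127.")
    try:
        return ipaddress.ip_network(entry, strict=False).is_loopback
    except ValueError:
        return False  # unparseable entry: treat as exposed


def audit_rpc(text):
    """Return findings about RPC exposure in the given bitcoin.conf text."""
    opts = parse_conf(text)
    findings = []
    for entry in opts.get("rpcallowip", []):
        if not is_loopback_only(entry):
            findings.append(f"rpcallowip={entry} admits non-local clients")
    password = opts.get("rpcpassword", [""])[-1]
    if len(password) < MIN_PASSWORD_LEN:
        findings.append("rpcpassword is missing or short")
    return findings


if __name__ == "__main__":
    for finding in audit_rpc(SAMPLE_CONF):
        print("WARNING:", finding)
```
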