I can't find the event you are replying to, so I will answer in general.

No I did not think about that.  If you enter the wrong password the decryption will fail, it won't give a decoy nsec. 

 passwords in general shouldnt be decrypted but encrypted only and match the resulting hash.
i've seen password decription and comparing the plain result so much