He reset his password using the IForgot service. So either data is encrypted under a key apple has or its encrypted under a key derived from your secret answers( which is unlikely). In the latter case, Apple might as well have your key given the limited entropy
Or it could be encrypted by a random key with high entropy, that Apple does not have, because it is encrypted by a key derived from your password. See, for example, LUKS:
And that key got onto his new device how precisely? Observed behavior was reset password with questions/email, prevision a new device, get old chats on new divice. If the new device had the old encryption key, how did it get there?
