Your question makes a lot more sense with the anonsteem info. I don't have a for sure answer for you. Accounts are created by other accounts, and the creating account becomes the "recovery partner." Accounts registered through Steemit have the @steem account as their partner, so they would verify your identity if an account recovery was needed.
Your account created with @anonsteem will have them as your recovery partner, and I am honestly not sure if they provide continued support after account creation, so recovery may not even be an option. Definitely a good question to ask of them!
I've also created an account now using SteemConnect, so one of my accounts is the recovery partner for my other account! I have no idea how I would go about serving as a recovery partner, I have a feeling it involves a lot of backend stuff and there are no good user interfaces designed for it yet. I also don't know if it's possible to delegate a new recovery partner by choice.
But... to somewhat answer your question... let's assume someone has your old password and there is a recovery partner ready and waiting. If they try to take over your account by fraudulently "recovering" it, they should only have a 30 day window from when you changed the password. So if you've had your new password for more than 30 days you should theoretically be safe.