I have recently changed all my various passwords on the Web. A bit surprised I didn't have to sign back into the App with my new password. I realise the app is fairly low risk in the scheme of things.
Basically, when you sign in to the app, the app securely sends your password to the server, which checks it against your account and then sends back a session key (a bunch of random letters, numbers and symbols) that gets stored on your phone. That session key is then attached to all future requests you make to the site, and we don't store your password on your phone at all.
The solution to what you were surprised at would be to invalidate the session key when you change your password, but I suspect this would confuse some people, especially since the red flags with the number of unread posts would disappear until the user logs back in.
FWIW, we also don't store your actual password in the database at all either. It gets converted to a long string of random characters too when you push save, and we apply that same process to the password you type in to log in and then check that they match. There's no way to get your original password back from the set of characters we store, unlike all of the plaintext password leaks that have happened over the past few years.
Basically, we follow all best practice and even though you didn't need to log in again, we do a lot to keep your account and credentials secure.
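The flow described in the reply above (password checked against a stored hash, random session key issued, and the option of invalidating session keys on a password change), as an added example that is not part of the original thread and not the site's own code. The in-memory stores, function names and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory stores; a real service would use a database.
USERS = {}     # username -> (salt, password_hash)
SESSIONS = {}  # session_key -> username


def _hash(password: str, salt: bytes) -> bytes:
    # Salted, one-way, deliberately slow hash (iteration count is an assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)


def set_password(username: str, password: str) -> None:
    salt = secrets.token_bytes(16)
    USERS[username] = (salt, _hash(password, salt))


def login(username: str, password: str):
    """Return a new random session key, or None if the password is wrong."""
    record = USERS.get(username)
    if record is None:
        return None
    salt, stored = record
    # Hash the submitted password the same way and compare in constant time.
    if not hmac.compare_digest(_hash(password, salt), stored):
        return None
    key = secrets.token_urlsafe(32)
    SESSIONS[key] = username
    return key


def whoami(session_key: str):
    """Resolve the session key attached to a request to its user, if valid."""
    return SESSIONS.get(session_key)


def change_password(username: str, new_password: str, keep_session=None) -> int:
    """Change the password and revoke the user's other session keys.

    keep_session is the key of the device making the change, so that device
    stays signed in. Returns the number of sessions revoked.
    """
    set_password(username, new_password)
    revoked = [k for k, u in SESSIONS.items() if u == username and k != keep_session]
    for k in revoked:
        del SESSIONS[k]
    return len(revoked)
```

Passing `keep_session` keeps the device that made the change signed in while every other device has to log in again with the new password.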