
"End-to-end encryption" is a pretty empty phrase.

The author did demonstrate that recently-delivered messages may be accessed without device-specific or user-specific secrets in place. So, even if all the transports on all the hops between all the machines in the message delivery chain are encrypted, Apple is able to access the plain text of at least the recently-sent messages.



Actually the author didn't prove this. The author entered their account password to retrieve the backup. Restoring the most recent day of messages could be done from a plaintext backup or it could be done by loading an encrypted batch from the iMessage servers. We don't have enough information to know for certain either way.


The author said that he changed his password and then got a new device and accessed recent iMessages on it. So that rules out the password as the encryption key.


It rules out the password as the encryption key, but it doesn't rule out encrypted backups. Implementations of encrypted volumes, such as in LUKS on Linux, commonly use the password as something that unlocks the real encryption key. So during password change, the new password could be used to re-encrypt the backup encryption key, making it so that as long as Apple doesn't store the passwords, Apple can't have access to the encrypted backups.

However, this is really far into the weeds on a topic that doesn't matter so much, as none of it really relates to Apple's claims about iMessages.


He reset his password using the IForgot service. So either data is encrypted under a key Apple has or it's encrypted under a key derived from your secret answers (which is unlikely). In the latter case, Apple might as well have your key given the limited entropy.


Or it could be encrypted by a random key with high entropy, that Apple does not have, because it is encrypted by a key derived from your password. See, for example, LUKS:

http://en.wikipedia.org/wiki/Linux_Unified_Key_Setup


And that key got onto his new device how precisely? Observed behavior was reset password with questions/email, provision a new device, get old chats on new device. If the new device had the old encryption key, how did it get there?
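The LUKS-style key wrapping argued over in this thread, as an added sketch that is not part of any comment and not Apple's or LUKS's actual code: a random master key sits in a password-protected slot, so a password change re-wraps it while a forgot-password reset cannot. The function names are hypothetical, and the HMAC-based wrap is a standard-library stand-in for the AES key wrapping a real system would use.

```python
import hashlib, hmac, os

ITER = 100_000  # PBKDF2 work factor (constructed value for the demo)

def _kek(password: str, salt: bytes):
    # Password-derived key-encryption key, split into cipher and MAC halves.
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITER, dklen=64)
    return okm[:32], okm[32:]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wrap(master_key: bytes, password: str) -> dict:
    """Key slot: the 32-byte master key encrypted under the password-derived key."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc, mac = _kek(password, salt)
    ct = _xor(master_key, hmac.new(enc, nonce, hashlib.sha256).digest())
    tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def unwrap(slot: dict, password: str) -> bytes:
    enc, mac = _kek(password, slot["salt"])
    tag = hmac.new(mac, slot["nonce"] + slot["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, slot["tag"]):
        raise ValueError("wrong password or corrupted slot")
    return _xor(slot["ct"], hmac.new(enc, slot["nonce"], hashlib.sha256).digest())

def change_password(slot: dict, old: str, new: str) -> dict:
    # Normal change: the old password unwraps the key, the new one re-wraps it.
    # The bulk data encrypted under the master key is never touched.
    return wrap(unwrap(slot, old), new)

def reset_password(slot: dict, new: str) -> dict:
    # Forgot-password reset: nobody can supply the old password, so the stored
    # slot cannot be opened. Without a second slot or an escrowed copy, the
    # only option is a fresh master key, and the old data becomes unreadable.
    return wrap(os.urandom(32), new)

if __name__ == "__main__":
    mk = os.urandom(32)  # constructed sample master key
    slot = wrap(mk, "old-password")
    changed = change_password(slot, "old-password", "new-password")
    print("key survives change:", unwrap(changed, "new-password") == mk)
    fresh = reset_password(slot, "reset-password")
    print("key survives reset: ", unwrap(fresh, "reset-password") == mk)
```

In this model, old data readable after a reset implies some other slot or copy of the master key exists that does not depend on the forgotten password.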



