- See 2. :)
- Yes. But to answer the question behind it: without knowing the passphrase, that wouldn't mean encrypted storage became accessible. Passphrase and key are required to decrypt.
- A hard-reset just cuts the power. A factory-reset should remove data and reset the encryption (as it would clear the encryption key along)
What you left out is data on your SD card. If the card was not encrypted, the data of course can be accessed. Otherwise, see 2. again.
As you report your device stolen, beeshyams pointed out another fact that might be of interest to you (in the now cleaned-up comments): Factory reset protection would be an added complication to the thief. That is, if it was available and enabled on your device (FRP was introduced around Android 5.1.1 but only automatically enabled for devices which originally shipped with Android 5+), even when flashing a new ROM the "possessor" would still need your Google credentials in order to use it. There are ways to work around that, but they don't work on all devices and are also not easy to perform.