[danpalmer]

I'd definitely attribute this to ignorance rather than malice.

I doubt the police (the person, not the organisation) knows or cares what else can be done with the password, to them it's just the hoop they need to jump through to see what they need to see for the task at hand.

I wouldn't imagine they would have the organisational capability to misuse those passwords, other than the individual realising they could look through iCloud photos or something.

It's still bad, and Apple should implement a sharing or law enforcement mode for this case, but I doubt it's malicious at the state level.