Well it's easy to explain. The leak occurred somewhen. And since this leak was discovered, the passwords from that leak are known.
So all leaked passwords (12345678, secret, password, ....) are stored in a public database - without relation to a user account.
And the new feature of the iPhone (and Mac) knows your stored passwords and matches them against the known database with the leaked passwords.
But don't be afraid! They scramble your password into an unique identifier. "secret" will be for example something like this "324*234çç5*ç%LFJ*OJç" (varies and depends on the algorithm). And the same is done on the other side.
If there's a match, you'll be alarmed by the new feature.
So, it could also be, that someone else was hacked and this guy used the same password "secret". In any case, it's an indicator, that your password strength seems not to be very good and you should consider changing it.
Also, you should not use the same password for different accounts.