Yes, the password is only validated when you add the host to the vCenter inventory. After that, the vCenter does not need it to manage the host.

If, for some reason, after changing a host's root password, you want to enforce the vCenter to ask for the new password (it might need a Disconnect / Connect), connect with the vSphere Client to the host > host summary > Disassociate host from vCenter Server.

To explain what's going on ... when you add a host, you provide the password to install an agent/daemon onto the ESX host.  This provides a service on a specific port.  Some agents create a service account to run the service under.  This private user/password is used to communicate with the agent, not root. So they are independent of anything to do with root password used prior

Once the agent is running, we don't need root as the agent/daemon continues to run without issue.

This scenario is very dependent on how the agent/daemon is written, so you are in a case-by-case basis with each software/plugin/agent/etc.

Take Lab Manager as an example.  It uses root to authenticate with the host to perform some tasks directly.  If you change the root password, Lab Manager won't notice until the previous authentication session expires and then will error when re-authenticating.  But this is because Lab Manager communicates directly to the ESX host.

Best Regards,

Jon Hemming