If it is this easy to gain access to an encrypted virtual machine using the "experimental" vTPM of Fusion 12 and Workstation 16, then it's a pretty clear message that the feature should not be used at all.
Care to share details on how you did it? Or, have you reported this to VMware as a security issue?