Even though I was against "GPG is too complicated" thing, in the last 20 min I corrected a couple of people, so just to be clear:
* This key was issued four days ago.
* No, anybody with that key can't read their messages. You still need a password for the key.
* The password for the key could be cracked (depends solely on how complicated the password is) with a copy of the key, but the key is already revoked.
* You would still need a copy of the email to read it. If you're trying to impersonate them, you still have to impersonate the email from that email address as well.
It is bad. It is a rookie mistake. It is not a catastrophic mistake though and there will probably be no consequences of it.
* This key was issued four days ago.
* No, anybody with that key can't read their messages. You still need a password for the key.
* The password for the key could be cracked (depends solely on how complicated the password is) with a copy of the key, but the key is already revoked.
* You would still need a copy of the email to read it. If you're trying to impersonate them, you still have to impersonate the email from that email address as well.
It is bad. It is a rookie mistake. It is not a catastrophic mistake though and there will probably be no consequences of it.