Sounds bad, but it sounds like you were logged in to request the password reset, so maybe that's how that worked?
This is another reason why having the login and the password on the same entry screen of the web page is important. If it fails, it should say that either login or password is incorrect, so no clue as to which. Otherwise, once they guess the login, they can request a password reset.
So yes, it is important to have a strong email password - in the case above, once they have your email, they can intercept password resets - especially dangerous if the login to the account is the email address!
But they wouldn't know which part was shared - I don't think it's adding any risk.
And what advantage is there to changing your password often? I think that has been exposed as a myth - it often leads to people using simpler passwords. It's not like a bad guy is going to sit on a hacked password for 6 months before using it.
-ERD50