Like I said, I'm surprised that it managed to change the credentials used by the other SEPMs. It is however, a good thing as the SA account has far more rights than is needed by SEP. I can only guess at how it accomplished this change, but I'd guess that the db account details are stored in the DB as well.
I'd suggest monitoring the SEPM's for a little while to ensure all is working and fine (as it seems to be), and leave them using the new, locked-down sql account. What you do with the SA account now that it is not being used for SEP is up to you, but I'd suggest reviewing it's usage.
Oh, as you're all working now, it'd be appreciated if you could see your way to marking any posts you've found useful with the ol' "Thumbs Up" or as the Solution
Let us know if you encounter any issues.