Smart approach with the key wrapping. Re-encrypting every note on a password change would be brutal at scale. Do you have a recovery path if someone forgets their password, or is it truly zero-knowledge where the data is just gone?