eCryptfs: what if I remove ~/.ecryptfs

1

I'm learning how to use eCryptfs: https://wiki.archlinux.org/index.php/ECryptfs

I get things as below from the link:

This is used to derive the actual file encryption master key. Thus, you should not enter a custom one unless you know what you are doing - instead press Enter to let it auto-generate a secure random one. It will be encrypted using the login passphrase and stored in this encrypted form in ~/.ecryptfs/wrapped-passphrase. Later it will automatically be decrypted ("unwrapped") again in RAM when needed, so you never have to enter it manually. Make sure this file does not get lost, otherwise you can never access your encrypted folder again!

So I did a simple test:

mkdir -p ~/test
mount -t ecryptfs ~/test ~/test
cd ~/test && vim data
umount -t ecryptfs ~/test

For now, I did get an encrypted file, which means that ~/test/data was unreadable. Of course, if I mount it again, I can read it.

Now, I delete ~/.ecryptfs: sudo rm -rf ~/.ecryptfs. Then I try to mount it: sudo mount -t ecryptfs ~/test ~/test

To my surprise, I can still mount it and read the ~/test/data.

Now I'm confused. I thought I could move ~/.ecryptfs onto some USB stick to keep my secret data secure. But it doesn't seem to work because I can still mount it even if I delete ~/.ecryptfs. Am I doing something wrong?

If I'm right, the whole security is based on ONLY one thing: the login passphrase. In this case, what is the wrapped-passphrase? Why is it so important? Why does it say "Make sure this file does not get lost, otherwise you can never access your encrypted folder again!"?

Yves

Posted 2018-01-30T09:15:19.750

Reputation: 223

Did you reboot the system in between? The above text is also telling you that it will be kept in RAM. – Seth – 2018-01-30T09:18:00.690

@Seth Yes, I rebooted. – Yves – 2018-01-30T09:25:54.277

I don't have a system to write a post on, but keyctl show. – user1686 – 2018-01-30T09:34:17.300

@grawity Sorry but what do you mean? I should keyctl unlink manually after umount? – Yves – 2018-01-30T09:35:48.113

@grawity Well, I just keyctl unlink everything I can, but I can still mount it as long as I type the login passphrase, which means that I CAN decrypt it without ~/.ecryptfs. – Yves – 2018-01-30T09:52:44.583

No answers
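The behaviour in the question comes down to which mount path is used. A manual `mount -t ecryptfs` with a passphrase key prompts for a passphrase and derives the file-encryption key from that typed passphrase plus a salt; ~/.ecryptfs/wrapped-passphrase is never read. The wrapped-passphrase file only matters on the `ecryptfs-setup-private` / `ecryptfs-mount-private` path, where a random mount passphrase is generated, wrapped with the login passphrase and stored in that file; there, losing the file loses the only copy of the mount passphrase. The Python model below is an added example, not eCryptfs's code or its on-disk format: the salt, the PBKDF2 parameters, the `WRAPv0` header and the HMAC-keystream wrap (standing in for the AES wrap eCryptfs actually uses) are all constructed assumptions. It contrasts the two paths and shows which one survives `rm -rf ~/.ecryptfs`.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed model parameters (assumptions, not eCryptfs's real format).
SALT = bytes.fromhex("0011223344556677")   # stands in for eCryptfs's fixed passphrase salt
ITERATIONS = 65536                          # PBKDF2 rounds used by this model
WRAP_MAGIC = b"WRAPv0"                      # constructed header for the model's wrapped file


def derive_fekek(mount_passphrase: str) -> bytes:
    """Model of the key the kernel derives from a mount passphrase plus salt.
    Anyone who knows the mount passphrase can derive it; no file is needed."""
    return hashlib.pbkdf2_hmac("sha512", mount_passphrase.encode(), SALT,
                               ITERATIONS, dklen=32)


def _wrapping_key(login_passphrase: str) -> bytes:
    """Key used only to wrap/unwrap the stored mount passphrase."""
    return hashlib.pbkdf2_hmac("sha512", login_passphrase.encode(),
                               SALT + b"wrap", ITERATIONS, dklen=32)


def wrap_passphrase(mount_passphrase: str, login_passphrase: str) -> bytes:
    """Model of ecryptfs-wrap-passphrase: toy HMAC keystream XOR plus an HMAC tag.
    (The toy cipher is an assumption; eCryptfs itself wraps with AES.)"""
    key = _wrapping_key(login_passphrase)
    nonce = secrets.token_bytes(16)
    plaintext = mount_passphrase.encode()
    stream = hmac.new(key, nonce + b"stream", "sha512").digest()
    if len(plaintext) > len(stream):
        raise ValueError("model supports mount passphrases up to 64 bytes")
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, nonce + body, "sha256").digest()
    return WRAP_MAGIC + nonce + body + tag


def unwrap_passphrase(wrapped: bytes, login_passphrase: str) -> str:
    """Inverse of wrap_passphrase; rejects a wrong login passphrase via the tag."""
    key = _wrapping_key(login_passphrase)
    if not wrapped.startswith(WRAP_MAGIC):
        raise ValueError("not a wrapped-passphrase file")
    nonce = wrapped[len(WRAP_MAGIC):len(WRAP_MAGIC) + 16]
    body, tag = wrapped[len(WRAP_MAGIC) + 16:-32], wrapped[-32:]
    expected = hmac.new(key, nonce + body, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong login passphrase")
    stream = hmac.new(key, nonce + b"stream", "sha512").digest()
    return bytes(p ^ s for p, s in zip(body, stream)).decode()


def manual_mount_key(typed_passphrase: str) -> bytes:
    """`mount -t ecryptfs ... -o key=passphrase`: the passphrase typed at the prompt
    is the mount passphrase itself, so ~/.ecryptfs/wrapped-passphrase plays no part."""
    return derive_fekek(typed_passphrase)


def private_mount_key(wrapped_file: Optional[bytes], login_passphrase: str) -> bytes:
    """`ecryptfs-mount-private`: unwrap the random mount passphrase with the login
    passphrase, then derive the key from it. No wrapped file means no key."""
    if wrapped_file is None:
        raise FileNotFoundError("~/.ecryptfs/wrapped-passphrase is gone")
    return derive_fekek(unwrap_passphrase(wrapped_file, login_passphrase))


def demo(login_passphrase: str = "hunter2") -> dict:
    """Replay the question's experiment on both mount paths (constructed inputs)."""
    # Path 1: the manual mount from the question, login passphrase typed at the prompt.
    key_before = manual_mount_key(login_passphrase)
    key_after = manual_mount_key(login_passphrase)       # after `rm -rf ~/.ecryptfs`
    manual_survives_deletion = key_before == key_after

    # Path 2: ecryptfs-setup-private style, random mount passphrase wrapped by login.
    mount_passphrase = secrets.token_hex(16)
    wrapped_file = wrap_passphrase(mount_passphrase, login_passphrase)
    key_private = private_mount_key(wrapped_file, login_passphrase)
    try:
        private_mount_key(None, login_passphrase)         # wrapped file deleted
        private_survives_deletion = True
    except FileNotFoundError:
        private_survives_deletion = False
    try:
        unwrap_passphrase(wrapped_file, "not-the-login-passphrase")
        wrong_login_rejected = False
    except ValueError:
        wrong_login_rejected = True

    return {
        "manual_survives_deletion": manual_survives_deletion,
        "private_survives_deletion": private_survives_deletion,
        "login_passphrase_alone_opens_private": key_private == manual_mount_key(login_passphrase),
        "wrong_login_rejected": wrong_login_rejected,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

On the first path the typed passphrase is the whole secret, which is what the question observes: the folder opens whenever that passphrase is known, wrapped file or not. On the second path the login passphrase only unlocks the wrapped file; without it the random mount passphrase cannot be recovered, so the key is gone for good. The model also shows that on the private path the login passphrase alone does not derive the file key.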