You might argue that the MIT approach is more correct, but I would say that it's highly inconsistent, and inconsistency is highly undesirable in a security mechanism. For instance, by your thinking, if you decide that security contexts must all be invalidated whenever and wherever they are changed, then you also need to close all connections whenever somebody changes their password, because any sessions established with the old password must now be considered invalid.
Not at all. My password has no role in protecting that connection once it has been established.
No, but it allowed you to establish the connection in the first place. As such, by your logic, changing it should invalidate the connection.