old accounts. the reason for the "vast majority" and "in some cases" terminology is very likely because the user records only get updated when the user logs in. for accounts that haven't been used in a long long time, it's possible you'd still find pre-bcrypt hashes and plain text question/answers.
Regarding your last sentence, I think other comments have chimed in on what they believe the pre-bcrypt hashes were made with.
The went on to say they have unactivated all clear text security questions.
Really, WTF Yahoo. Why bother hashing a pw if you are going to have plaintext security questions.
Though at least they were not using MD5