This sure isn't my area of expertise. But let's say my password in multibit is four 16bit characters and it comes down to 0x1122334455667788. If the api call converts every input from UTF8 to UTF16 although it wasn't UTF8 in the first place, i would end up with 0x00110022003300440055006600770088 and could not decrypt my wallet. Where is my mistake?
Your mistake was in your application of conversions.
If the string is already in UTF16 then you convert it to UTF8, pass it in, convert it back to UTF16 and you are good to go.
But when I grab a string from the command line it will be in UTF8, so I convert it to UTF16 and we are good to go.
When I grab a string from Qt I will grab it in UTF8, convert to to UTF16 and be good to go.
When the user enters their string into a QLineEdit then they will enter same characters they did in multibit and Qt will handle the representation internally (in what ever form they use).