Which raises the question whether the OP now unknowingly also controls the heater in the apartment next to his...

Unlikely. This kind of wireless thermostat has two parts: the thermostat itself, and a separate receiver box that's directly connected to the boiler. There's usually a pairing process that you can go through where the two parts negotiate a shared value used in the protocol; this prevents one thermostat unintentionally controlling other boilers. You can see this described in the Installation Guide for the thermostat linked from the article (it's called 'binding' in the guide).

Probably not otherwise the original would also potentially run that risk

Good point!

The thermostats are paired, if my setup was able to control another apartments boiler then the original thermostat would also do that

And so the heat-stroke-killer was born, offing his victims with rapid changes between coldest and hottest setting, natural death has never been this human-made.

Ah yes, the classic problem of people using crypto primitives without fully understanding the problems they're trying to solve. Anyone even remotely interested should look into a full protocol like TLS or PGP to see how many primitives like block ciphers, hashes, etc. are involved and why.