Zcash Counterfeiting Vulnerability Successfully Remediated

Good questions. Let me try to clarify…

There is a bucket (Sprout pool). That bucket is different than other buckets (i.e. Sapling pool). Let’s say that we know that 100 ZEC in total has ever been placed into that bucket. If someone tries to take 101 ZEC out of the bucket, we know that counterfeiting had occurred sometime in the past. We know that 1 ZEC was created out of thin air at some point. So we don’t allow that transaction to occur.

However, if someone counterfeited 50 ZEC (or something less than 100 ZEC), they could take it out of the bucket that we know 100 ZEC was moved into. The bucket would now contain 50 ZEC, after their transfer. Now we believe there is 50 ZEC left in the bucket and no one would be allowed to take out more than the 50 ZEC remaining. Thus, the total monetary supply is protected.

Does that make any more sense?

Sorry for the confusion. We’ll publish another article in the near future with an attempt to be more clear.

2 Likes
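The bucket accounting described in the post above, as an added example that is not part of the original post and is not Zcash code. The `Pool` class, `replay` helper and event lists are hypothetical, and amounts are whole ZEC for simplicity.

```python
from dataclasses import dataclass


class TurnstileViolation(Exception):
    """A withdrawal would push the pool's public balance below zero."""


@dataclass
class Pool:
    name: str
    balance: int = 0    # net ZEC publicly known to be in the bucket
    total_in: int = 0   # everything ever moved into the bucket
    total_out: int = 0  # everything ever allowed out of the bucket

    def deposit(self, amount: int) -> None:
        if amount <= 0:
            raise ValueError("amount must be positive")
        self.balance += amount
        self.total_in += amount

    def withdraw(self, amount: int) -> None:
        if amount <= 0:
            raise ValueError("amount must be positive")
        # The check from the post: more coming out than ever went in
        # means value was created inside the pool, so refuse it.
        if amount > self.balance:
            raise TurnstileViolation(f"{self.name}: {amount} > {self.balance}")
        self.balance -= amount
        self.total_out += amount


def replay(pool, events):
    """Apply ("in" | "out", amount) events; return the rejected withdrawals."""
    rejected = []
    for kind, amount in events:
        if kind == "in":
            pool.deposit(amount)
            continue
        try:
            pool.withdraw(amount)
        except TurnstileViolation:
            rejected.append(amount)
    return rejected


# Constructed scenarios matching the post's numbers.
overdraw = Pool("sprout")            # 100 in, someone tries to take 101 out
overdraw_rejected = replay(overdraw, [("in", 100), ("out", 101)])

partial = Pool("sprout")             # 100 in, 50 counterfeit leaves first
partial_rejected = replay(
    partial, [("in", 100), ("out", 50), ("out", 30), ("out", 30), ("out", 20)]
)
```

In the second scenario the 50 ZEC withdrawal is indistinguishable from a legitimate one, but `total_out` can never exceed `total_in`, which is the supply bound the post describes.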