QUOTE(No one of consequence @ Wed 6th July 2011, 10:40pm)
I have no comment as to the accuracy of the guess, but retired arbitrators continued to have full access to the Arbcom mailing list until sometime in 2009 (if I recall correctly). After some controversy over something or other, and some early leaks that may or may not have been Wikileaker, Arbcom closed the Arbcom mailing list to all but current arbitrators only, and also created the functionaries mailing list, which checkusers, oversighters and past arbcom members in addition to current arbcom members are eligible to join.
The implication of this presumes that they change the password (or whatever guards access to these super sekrit archives) frequently. If not, then someone who had access to it pre 2009 (with some kind of axe to grind), who's access got removed, still could have gone back more recently and checked if "the old password still works" and then...
Maybe it sounds a little far fetched but from what I understand a lot of these security breaches occur for mundane reasons like this. And the leaker did say that the reason for the leak was "stupidity" and this certainly fits the scenario.