David,
In the case that you mentioned, they could create the backup file and reinstall without the admin password.
But they could also copy or steal a paper chart, steal checks from your mail, or make copies of your patient's credit card numbers. You see where I am going with this.
