With Dwolla if the adversary knows your Dwolla ID#, Ph# and D.O.B. and has access to your e-mail those are all that is needed to first reset your Dwolla PIN and then to reset your Dwolla password. The adversary would then hide the evidence by deleting the e-mails that those steps produced.
If someone had access to all that then more than that account would be compromised. I would be truly right to be paranoid.