It's quite unlikely that's someone with access to his computer (=> malware) would act like that instead of just stealing his private-key using a form-grabber/keylogger/wallet-stealer and use his own machine to redirect the transactions (however it's already unlikely enough that an attacker just redirects transactions instead of stealing stored in the wallet).
I also do not understand what he meant by that since I am not familiar with this type of problem, but I dont think it will be possible for an hacker to completely gain access to control our address without first finding us faulty of a very weak password, even if they get to install malware on our software, provided we are using a very strong wallet that has extra security tools in place, I think it will be completely hard for the hacker to gain access.
Anyway, I am still waiting to learn more as regards his issue, let us hope they have not devised another strategy that will go beyond strong password and anti-malware tools, because that is all I rely on for now.