If he did something malicious to it or knows other account details then yes.
If you have reason to beleive that the consultant wants to do something malicious to your environment sharepoint would be the last thing I would worry about….. how vulnerable are your domain controllers? exchange servers?
The fact is that even with the best security in place and no previous knowledge of an environment it is still possible to get access to it. Depends how badly someone with the required skills wants in.