Well if was not secure and you done a hack etc and then they said is not insecure sort don't blame one for selling to gain from it but then that's exploiting others people details and them at a loss if funds are on accounts. No doubt admin could simply made a mass email send out to account holders to change passwords and details too.
Yes, but considering admin is profitting of of their personal info, I doubt he will do that. Admin, please realize that you are likely selling very sensitive personal information and that you could easily wind up hurting someone badly by doing this.