I'm guessing he wasn't working in the US (boss speaking Dutch, etc.), if he were to try to pull that "I'm not giving you the password" thing here, he could've got a visit from FBI and/or/most probably face jail time if the company cast his program as a type of virus (i.e. any unauthorized software on their system) and complained.
Not exactly the same scenario - but at the end of 2001 I worked at a company that went under - our parent company decided to close our doors, fire everyone in one shot and then didn't pay us our final paychecks. About 4 to 6 weeks later I get a call asking for the server passwords as I was the only one with them - I refused to hand the passwords over until all of us got paid. We all had paychecks within a few days and I released the servers to them.
