There are always ways to access users' email without their knowledge, this is just a simple way to do it. You can also use backup and restore, and probably a few dozen other methods.
Usually email is corporate owned data. Admins should have full control over their systems, and if you have misbehaving admins it will usually come to light anyway.
The only question that remains: "Who watches the watchers?"