I've never heard of anybody inheritting an email or domain name when they pass. I would think they would contact your family, and your family would more than most likely work alongside another web designer to use your laptop to get all their login details. A very awkward scenario, let's just hope I don't die any time soon.
There are two contacts for an email address. A technical contact, which is the web designer, and the owner, which should be the client. On occations clients are slow in giving personal information, and in this case you're left with little option but to put your own until you get round to changing this, if you're still up for it.
On a related point, if the company is a business and operates in the EU, then they are legally required to display their official company information on the site itself. They must clearly show their registered company name, registered office address, registrations details, and possibly the names of their directors. This is in addition to the domain registration requirements discussed in this thread.
(It's also good business sense to show this sort of information.)
This needs to be displayed in the privacy page. There are times when companies go out of their way to make this information less accessible, but the real question you should be asking yourself is why?
Why would you want to concele your identity to begin with? Bottom line is, if the client is not happy putting their contact information, then why shiould you? You could get in trouble if they start doing questionnable things on their domain. You should seriously ask youself why they want to concele themselves in the first place. Truth be told I have registered a clients domain in my name, but the client never requested it, if they did there is a good chance I would have declined their request.
In terms of their 'hack' on their email account. They can create another email address. To be, it sounds like a bad excuse. It's more likely that they are fearing getting in legal bother, so they feel that a change in the WHOIS information will avoid detection. Further could be from the truth, as you can easily see backlogs of who the domain belonged to.
Looking at your situation, this doesn't smell right, and you should question their motives.