Hmmz.... as long as nameservers point to your server, there is not much use here. If he want to do bad, he could just cancel your domain or something, because that is what a registrant can do. Or change nameservers to registrars nameservers and change things there....my websites domain name is currently listed with the technician named as the registrant.
i don't know if the tech could use that control to cause the more recent issues we've experienced.
You don't need to be registrant for DDOS attacks and such.
I'm also Dutch by the way.
Shutting down a forum, like the option in the ACP can not be done via the registrar or DNS, you have got to have ACP or database access for that.
Might be a good idea to change passwords indeed, including database pass.