I've read in a few places that the Russians may have had Hillary's email password. Doesn't that change the problem a bit? It's not that they could have been reading her emails, it's that they could have been writing and sending emails in her name. Imagine what they could have told people to do with all the authority of the Secretary of State.
How often do you go through your "sent" folder? How often do you think Hillary did, particularly if she didn't suspect her password was compromised? Not only that, they could have deleted their sent emails as soon as they sent them, removing all but the server log traces of them.
In this day and age where so many things are done via email, how hard would it have been for them to come up with interesting ways to take advantage of their ability to electronically pose as her? Combine a spoof of SecState with a couple of enemy agents in the department and you can execute some really wild schemes against the US.