When a user who has the checkuser rights is blocked he will still be able to run checkuser queries while being blocked from editing. Currently checkuser rights need to be removed to prevent access.
Thus, if a checkuser account is taken over (which of course itself is a worst-case-scenario), a bureaucrat+sysop might notice this, block the account and remove sysop-access to prevent unblockself, but might leave the checkuser-rights (for example because the local bureaucrat is able to remove sysop access but cannot remove checkuser access). The blocked user will still be able to run a query.
In addition to that on small wikis with just two checkusers nobody might notice that the blocked account runs queries if the second checkuser is not online, as the checkuser log is hidden.