It sounds like someone else setting up the account used Williams's personal email to link him in, and he never removed it (likely because a lockout could ensue). I am not so sure that he is really to blame here.
Any equipment that has seen any mixed personal/business use has always been forensically wiped prior to returning to my employers.
None have ever complained.
Hoarding passwords is a dick move and not okay.
Even as PO'd as I am at my former employer, if I was in a similar situation I would have made them the offer of:
re-instate my work domain account and email, give me a cube for a week, and pay me as a contractor on a 1099 for that week.
In exchange I'll use my personal email account that someone else (apparently) linked to unwind this and remove my access after adding someone else and verifying their access works.
That is reasonable and prevents me from working for free, disentangles the mess, and most importantly to the court system, doesn't look like an extortion attempt.