Particularly interesting is the remark about the numeric IDs which identify the emails in the zipfile. The headers of the emails contain the date and time on which they were sent. If I understand the comment correctly, the numeric IDs are Unix timestamps for those sending times, but moved by 4 or 5 hours from UK to eastern US time. This suggests that the emails were given their current identifiers on a computer in North America, or one that was running on North American time - which in turn suggests a hack rather than a leak.
It references a rather more in-depth discussion at Climate Audit, of which the most pertinent comment seems to be:
So, if I understand this. Each CRU email is named (given a numeric label, like "0826209667" in the above) based on the date/time it is sent. If you know UNIX you can translate the label back into the date. That's what the "->" indicates; the label 0826209667 = 7/03/1996 14:41:07. But if you match that to the date line you see they are off by 4/5 hours, which suggests that--given the emails were taken from a U.K. server--they passed through a computer in the Eastern U.S.
Which would indicate that the hack was indeed a hack and not a leak.
PS. Or, as TiGuy points out, they might have gone through a computer in Eastern Canada.
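The check the comment describes, as an added Python example that is not part of the original post or the Climate Audit thread: decode each numeric label as Unix seconds and compare it with the clock time written in the message's Date: header. The label 0826209667 is from the page; both Date: headers and the second label are constructed samples, and the function names are hypothetical.

```python
from calendar import timegm
from collections import Counter
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime


def label_to_utc(label):
    """Decode a numeric file label (Unix seconds, zero-padded) into a UTC datetime."""
    if not label.isdigit():
        raise ValueError(f"not a numeric label: {label!r}")
    return datetime.fromtimestamp(int(label), tz=timezone.utc)


def wallclock_skew_hours(label, date_header):
    """Hours by which the decoded label is ahead of the clock time in the Date: header.

    The header's zone suffix is dropped on purpose: the question is how the
    written clock time relates to the label, not when the mail was really sent.
    """
    header_wall = parsedate_to_datetime(date_header).replace(tzinfo=None)
    label_wall = label_to_utc(label).replace(tzinfo=None)
    return (label_wall - header_wall).total_seconds() / 3600


def skew_histogram(samples):
    """Count how often each skew occurs across (label, Date header) pairs."""
    return Counter(round(wallclock_skew_hours(l, h), 2) for l, h in samples)


# Constructed samples. Only the first label appears on the page; both Date:
# headers and the second label are made up to illustrate 5 h and 4 h skews.
SAMPLES = [
    ("0826209667", "Thu, 7 Mar 1996 09:41:07 +0000"),
    (f"{timegm((1999, 7, 15, 16, 0, 0)):010d}", "Thu, 15 Jul 1999 12:00:00 +0100"),
]

if __name__ == "__main__":
    for label, header in SAMPLES:
        print(label, "->", label_to_utc(label).isoformat(),
              "| header:", header,
              "| skew:", wallclock_skew_hours(label, header), "h")
    print(dict(skew_histogram(SAMPLES)))
```

A skew that stays at a whole number of hours across many messages points to a timezone conversion applied when the labels were generated rather than to delivery delay.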