disclaimer: i am pointing out practical flaws with the idea. there are ethical problems i have not addressed; do not construe these as the only obstacles to your plan. even if you think you can work around the problems i present here, i do not recommend proceeding.

i don't know the details of your situation, or how likely laws are to matter to you (not every nation is as hung up on lawyers as the US is, and you may or may not live here, for all i know), but i do want to point out a practicality issue. if he doesn't know how to delete your account or change root password, you won't need a script accessible from the outside; and if you are truly partners then you might be on a better legal footing if he tries to abscond with the hardware and you respond by withdrawing your software support.

but if you were to set up an external-access script, what if some 3rd party came along after you forgot about it and deleted the site while you were making money? you cannot make such a thing secure enough to be worth the risk, in my opinion. don't even try.