Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.
For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email email@example.com.
Freelancer developer putting malicious code into my site?
Technically they could, it would not be very smart but there you go. Check the date/time stamps in descending order or look at your site source code. We know that some free WordPress plugins and themes have embedded base64 encoded code (non-readable) that puts hidden links on your pages, one of the most widely used plugins did and was removed from the WordPress site. It is feasable, unfortunately you do get what you pay for in life. Even if they are $10/hr, if it takes 5 times longer and produces spaghetti, it will not help you in the long run.
Yeah, this is very possible to insert hidden and suspicious code in your website for tracking purposes. You really need to be careful that to whom you are giving your work to do, you might end up paying more to fix than to develop.