Correct me if I'm wrong. Is it standard procedure in a high-profile investigation to tape record or video record the questions and responses. I do understand that at this level, some aspects of standard procedure might be waived, especially concerning the nature of the investigation - SAP level information does not need to circulate at all, let alone in audio recordings. Just wondering.
Based on publicly available information, the server did not need to be hacked to obtain the information on the server, but it's possible that NSA or similar monitors traffic to a degree to determine who (at least by IP address, which can be spoofed), did access the information at this server. After that, of course, the information could go anywhere.
The server was mirrored by/at a company that was itself hacked.
Email is normally sent in clear text. That means anybody through whose routers it passes can intercept it. Your ISP for instance. Or someone who has hacked your ISP, e.g., the NSA.
Of course, it is possible to use encryption with email. E.g., you can directly encrypt the messages. Or you can use TLS (https://) for all traffic to and from your email server. For instance, if you use Gmail, your email is safe from everybody but Google and such TLAs as can lean upon Google. Your ISP can't spy, because your traffic to and from Google is encrypted.
In Hillary's case, the suspicion is that her server itself was hacked. By Guccifer, Guccifer with the SVR looking over his shoulder, or by the SVR alone.