>Does this mean this person can get hacked before he gets to his security patches, and updates his system?
Yes. If there are remote vulnerabilities in that version of linux, then your reinstall will be vulnerable until you patch them.
>If so what can they do?
If you're really worried about getting hacked, you can download the errata on a secure machine and then transfer it to the reinstalled machine on some type of media (floppy, ZIP, CD-RW). To be honest with you though, the likelihood of getting hacked in the 15-20 minutes it takes to install the patches isn't really that high, so if you're willing to chance it, you'll probably be alright. But if security is important, it might be something worth thinking about.