As the question is posed, as a consultant, I see no problem. A consultant does just that, he consults. He doesn't touch your system except for analysis. All he does is advise and who is better to advise. He knows his stuff in and out.
I would have to disagree with this statement. If you are going to hire a consultant to advise you on the security of your network. The consultant is going to have to do some hands on to provide a good assessment of the security. I understand your meaning if the consultant is coming in and looking at logs provided by the client, but even that gives the consultant a glimpse into possible holes in the security.

I'm not going to say don't hire a hacker, but you better be one step up on him until he can prove himself trustworthy.