First, they would have your login and password. Meaning, your account is now theirs. All they have to do is log in, and change your password. And good luck calling support about that, somehow I don't think they would be very sympathetic.
Second, if you've ever used a credit card to buy anything (points, etc.), and that information is still stored, they also have that. Again, meaning they could spend as much money as they want, thanks to your credit card information.
Either way, doing this will result in:
a.) Spammers get your account info, and your account is now theirs. Buhbye account.
b.) You really do get points. MS is SURE to notice this, and your account is banned. Buhbye account.