11 (or is it 12?) months in, Andrew "Weev" Auernheimer is still serving a 3-year conviction (on appeal now) for "hacking" the AT&T iPad signup script to get email addresses out of it ... using a web request and random numbers. In case that's not clear enough, it was published, public data waiting to be requested, no security restrictions except the numbers to be guessed. I'd say that's the same for any such "private" (hah!) service that uses ID numbers to access data over public channels, wouldn't you?