To be fair, weev (in this case) didn't really do anything legally wrong IMO other than maybe should have stopped once they had PoC as you would with a bug bounty. However, those standards for responsible bug finding/disclosure weren't fully developed yet and I consider one of the problematic overreaches of the CFAA. Even ended in weev being radicalized in jail, so no one won, AT&T was still embarrassed by it. If someone leaves a unlocked filing cabinet on the edge of their property near the public road full of PII and people cross onto the property and look in the filing cabinet and take pictures of the files and use it as evidence of the property owner's irresponsibility, "should have known better" isn't a compelling argument to me to arrest them for trespassing, breaking and entering, and theft. This was a case where they didn't even bother to put a fence around it, they just assumed no one would notice it.
Weev, at best, committed the equivalent of a misdemeanor in my mind, and that's probably only because he kept downloading everything he could even after they had enough to call attention to the issue.
I think a similar case happened with a teenager accessing public records in a hidden directory on a government server, they tried to throw the book at him too for calling attention to it, when legally citizens could access the data anyway, and they were the ones that made it available to public. They tried to ruin the kids life over it, but thankfully cooler heads and a public outcry about it prevailed.
