I assume that having these go into production could make the authors "hackers" according to law, no?

Haven't whitehat hackers doing unsolicited pen-testing been prosecuted in the past?