There is a fine line there that I think his company crossed.
It is sad on many levels that the people who discover vulnerabilities or security holes get into more trouble than the people who created them or allow them to remain.
On the other hand, you can't blindside a company by going public with their vulnerabilities without giving them a chance to respond first. Especially when you're talking about government and military networks you have to realize that you are messing with the wrong people.
I would hope that they would have appreciated being notified through proper channels of what their weaknesses were or how to secure their networks- maybe I am wrong. I wouldn't even know where to begin to locate the "proper channels" to let the United States government know that their military networks are insecure.
It certainly got publicity for his company- I'm just not sure this was the kind of publicity they had in mind from this little stunt.