your absolutly right secure_lockdown, but that's still no defense.

"He didn't use any hacking tools. The system was open,"

what exactly does "open" mean and what do they mean by "hacking tools"? is a sharp mind considered a hacking tool?

is it that the site wasn't patched or was there a link they didn't expect people would click on or a hidden directory that someone could guess the name of> was the information found on google...?

if you have a web or ftp site and you dont post a statement of use its your fault if someone accessed it in a way you didn't intend.

if some one takes advantage of a directory transversal or downloads and changes an authentication form or injects code into a query then they've broken the law even though they havn't used any third party "hacking" tools. it's my understanding that the laws regarding computer crime are very clear on this. if you bypass authentication processes you've broken in. if you use phony logon credentials, those that are not yours, you've commited computer fraud..this doesnt make the admin any smarter but the perp is still very much at fault. im too tired to look up the law right now but that's my understanding of it.