In passato avrei detto, "Tutte le risposte puntano a sì".
Tuttavia, a causa della recente sentenza passata a Andrew Auerheimer l'anno scorso, direi che la risposta è "no".
link
"The facts are simple. In June of 2010, Andrew Auernheimer’s
co-defendant Daniel Spitler discovered that AT&T’s servers were
publishing email addresses of iPad subscribers on the servers
authentication log in page when queried with a SIM card number that
matched an existing AT&T subscriber’s SIM card number. Upon
discovering this, Spitler wrote an iterative script that queried
AT&T’s publicly accessible iPad servers and copied over 120,000 email
addresses. No password or any type of security was ever hacked, nor
was any attempt ever made to hack any password or bypass any existing
security measures. In essence, what Spitler’s script did could be done
by anyone with a web browser who entered in the right combination of
numbers into a URL,"
link
"If merely visiting an unrestricted web page to copy an email address
counts an unauthorized access, the legal line between intrusive
hacking and testing websites for vulnerabilities--or merely visiting a
website at all--could be blurred"