The FBI argument was 'leaky CAPTCHA'. The defense argument was that the application was hacked. The most likely scenario is an info leak or debug page as Ross was known to live edit/debug the application.
This evidence wasn't tested in court on 4th amendment grounds since the defense didn't demonstrate ownership of the server: