[JoshTriplett]

> My interpretation is that the "their" qualifier disallows people from using the API to access other people's data without proper authorization.

That interpretation wouldn't make sense with many well-established uses of Github's APIs today. For example, consider a CI service that tests incoming pull requests, and shows the details of each pull request, including the user who submitted it.

Showing appropriate user information in context (associated with their Github contributions), however, seems quite different from mass-scraping user information to create fake "claim me" accounts. Github may or may not want to allow that (and they can always change or clarify their position).