[sillysaurus2]

Not only that, but if Twitter was feeling cruel, they could drag him through court (if he's based in the US). That would be a nuclear option, but, when your future welfare is on the line, you really shouldn't screw with companies.

Twitter obviously wouldn't drag a hacker to court. I'm saying, in general, don't do this, because other companies might. http://en.wikipedia.org/wiki/Randal_L._Schwartz#Intel_case

[username223]

"when your future welfare is on the line, you really shouldn't screw with companies"

Lie back and think of England.

He's not US-based, so he can freely give them the finger. Good for him.

[homakov]

Hm, are you sure cracking password and writing about a bug which you didn't exploit on other users are the same thing?

[sillysaurus2]

Would you like to keep testing whether a prosecutor is daring enough to bring charges against you, especially in this social climate?

It's not paranoia. Once you start straying from the path of responsible disclosure, the path to danger is quite short.

In this case, I think you're in no real danger since it's Twitter. So don't worry. But if it were some other company, though, you wouldn't be able to rely on goodwill to protect you. And without any protections, there's nothing preventing the (extremely powerful) courts from bringing charges. It's happened before; it will happen again.

[homakov]

everything is possible. Furthermore, in Russia where i used to live, they don't need any charges, they can make them up from nothing.