i think all of the goddamn "its crackers, not hackers!" dictionary nazis are just geeks with no social life as it is except pointing out to people the difference between crackers and hackers... ignore them, don't let them get to you.
however, you really have to understand on what slippery ground this hacker (oh shit! i mean cracker! i'm so sorry! how could make such a dreadful mistake! lol ;-P ) is operating.
yes, if the university's security system sucks, well then they should pay for it. but we are talking about what this c(h)racker did, not the university.
this c(h)racker should be aware of the grey area he is operating in, and take precautions, not the other way around. that is, society should not have to bend over backwards trying to read good into people who operate in the grey area between white hat and black hat efforts. instead, the chracker should bend over backwards to make sure no one will interpret his actions as black hat. and the university? assume someone is a black hat first, and ask questions later. really, that is the most responsible way to proceed, considering what is at stake.
and if their security system sucks, and they ignore alarm bells from white hats, well then let them suffer for it, but don't reward the grey hat.
because this chracker did not proceed the way a white hat would proceed. see?
The tigers of wrath are wiser than the horses of instruction.