My recent post on the EFF blog talks about the difficulty that web security researchers have doing their work, in light of the Computer Fraud and Abuse Act and similar state statutes. While pen testers and other hired security guns can get written authorization to do security audits, members of the public have little leeway to explore the ways a website works or breaks, even when that vulnerability means that customer data is exposed to fraudsters. Read the post –Computer Crime Laws Chill Discovery of Customer Privacy Threats | Electronic Frontier Foundation– for more about the issue.