Almost all young hackers come at some point of their hacker-life to the conclusion that finding and unsolicited reporting of vulnerabilities would be a fine idea:
The owner of the website might be thankful or even hire the young hacker to check the site further or fix the vulnerabilities.
Almost everyone in the IT-Sec-Business I know had this idea - and most of us learned the more or less hard way, that it is in fact a bad one. Not all potential customers are nice people. And be honest: Would you really hire someone who did an unsolicited hack of your infrastructure?
Some "IT-Sec-Professionals" take longer to learn their lessons - I remembered my own experiences when I read about Chris Russo and his plentyoffish-hack.
In my opinion both partys made mistakes and are leaving a really bad impression in this case. Maybe something to learn from, regardless on which side of the net you work?
Some of the comments over at slashdot http://slashdot.org/story/11/01/31/1856202/PlentyofFish-Hacked-Founder-Emails-Hackers-Mom are worth reading.