Is it not breaking and entering if a homeowner uses a flimsy lock? (don't get cute and try and say this is no lock at all; it's just a very bad one)
In fact, the law is that it is still breaking and entering even if there is no lock. The point is that the door was closed for a reason and you knew what you were doing by "forcing" it open and entering. It is fairly analogous to this case where the blogger did not need any sort of secret 'key' to falsely use the system, but there's no question that it was intentional (in fact he admits it later and gives enough damning details for Microsoft to prove it's true).
On the other hand, we tend to notice that he did not seemingly intend to take anything. We have sympathy because we appreciate the merits of it as a mental exercise and for pointing out a security loophole. But we aren't Microsoft (or any of the thousands of third parties!) who actually depend on this system for legal and financial reasons.
It all boils down to intentions. It doesn't say in the blog post, but it doesn't look like the author made any attempts to inform Microsoft of the fraudulent transactions before he posted the info publicly, and we know that it's been almost a year since he first did it. He'd have a lot more ground to stand on had he at least done that.