I have no love for people who force their way in to IT systems but the utter lack of security and safeguards in sensitive US systems in relation to what he did does tend to look as though the repercussions are more relative to embarrassment than actual harm.
Obviously this is based on what the, highly biassed, media report, but having worked in IT a while, it's really not THAT hard to take minimum precautions to minimally secure systems and it looks as though key US Government organisations did not do this.
It really does look as though its a nuke the intruder response to somebody who walked in, without forcing entry, into somewhere they should not have been.