A better analogy would be the 'hacker' walking on to a secure military facility, in real life, completely unchallenged, collecting sensitive data to prove he got in and out undetected and going to the town hall with it to present his evidence to the community to report the vulnerability.
Do you even know what a SQL injection attack is? A common one is the user/password authentication, you enter in a fake user/pass combo and put
at the end to terminate the sql string and inject additional script so after the fake user/pass lookup fails, the or 1=1 test passes and you log on anyway.
The fact that these sort of dumbass errors abound, when these vulnerability classes have been known for over a decade is beyond negligent. The fact the law says that having half ass security makes it a crime to access the computer is fine, but when millions of individuals confidential data is protected by the rule of law instead of actual state of the art security practices, it's a problem.