I haven't read the judgement (I am a good armchair lawyer though, have read lots of opinions and regurgitation of other peoples interpretation of the facts) but I am pretty sure that was a part of the New Jersey law, so in any retrial it would be irrelevant, since the standard is lower.
It would have probably been better for Weev if AT&T's servers actually were in New Jersey, since then this judges would be forced to say what they think about the NJ law as it applies to this case, which is pretty clearly what you said. The password or code - there was no such barrier to access, so no illegal access through forged authorization occurred.
This barrier requirement is part of the New Jersey law, and the threshold for abuse in the federal statutes is lower. Ah. Here, found it:
See State v. Riley, 988 A.2d 1252,
1267 (N.J. Super. Ct. Law Div. 2009) (p12 of the ruling)