The article lists a number of actions that the hacker shall not do. Most are to be expected, such as not modifying the system, not bringing it down, not exposing private information. The first and last points in the list are strange though:
Eh? Why are these not valid attack vectors?
If you have a procedure with 10 parameters, you probably missed some.