That's not true. Reports are that he exploited the vulnerability and wrote a script to harvest the data.
Oh for goodness' sake. This is why people should not comment on topics outside of their experience.
When I'm testing a bug, especially a server one, I quite often write a script to figure out the parameter limits. I'm not alone in doing that.
In fact, most corporations use third party security audit tools that use scripts to, as you put it, "harvest data" in order to find vulnerabilities in their websites... something that Apple apparently did not do well enough.
You guys are shooting the messenger, instead of reading the message.