This isn't anything like "exposing a security vulnerability." Everyone understood that the card COULD be misused.

That doesn't make the misuse of it okay.

But at the same time, if Jonathan knew that the card could be misused, he either should have attempted to provide some security or disclosed that problem up front to the community, to let them make an informed choice.

No one is surprised that someone was able to take advantage of it. Everyone immediately recognized it was possible and easy to take advantage of. People made an informed choice.

Just because it's easy doesn't mean it's okay. I can reach in and grab $50 from the tip jar at a restaurant while the cashier's back is turned. I can walk into most stores, stuff something under my jacket, and walk out.

Just because it's easy doesn't make stealing okay.

I never said that stealing was O.K. Read my post again.

Both of your examples of ignore that there is an "appropriate" level security for those contexts. The tip jar is in the plain view of other diners and staff; the store has staff and video surveillance. I'll leave it to others to decide whether an unsecured cash account accessible to millions of anonymous users has appropriate security in place.

Yes, it's part of the social experiment and it was a pretty cool hack.

I think a more accurate scenario is: Q: What happens if you let everyone contribute to and buy coffees from a Starbucks card? A: We are in the process of finding out but some very smart but unethical folks are pulling funds outside of coffee purchases and ruining the pot for everyone else.