It would still require abuse of credentials and sharing of data which has not been cleared (or may be legally unclearable) for public availability.
Just because someone has the ability to use their credentials to view information does not remove legal liability for the use of that data upon the institution providing the data.
The reason this got shut down was because there could easily be liability and security concerns - about which a couple of hacking students could give two shits.
If the students were, in fact, accepting other students' credentials to access the system in any custom form (pulling data for the particular user vs. harvesting no-account-specific data), and I were on the chopping block for IT security at the uni, you better believe this would be shut down fast. Every single user of that third-party system would be forced to set up a new password and reminded of their obligations for proper handling of their own security.
Just because someone has the ability to use their credentials to view information does not remove legal liability for the use of that data upon the institution providing the data.
The reason this got shut down was because there could easily be liability and security concerns - about which a couple of hacking students could give two shits.
If the students were, in fact, accepting other students' credentials to access the system in any custom form (pulling data for the particular user vs. harvesting no-account-specific data), and I were on the chopping block for IT security at the uni, you better believe this would be shut down fast. Every single user of that third-party system would be forced to set up a new password and reminded of their obligations for proper handling of their own security.
Now, get off my lawn!