On the security issue, please take a step back and look at what the security community in general is doing. I'm not sure you can find a group more security focused than SANS
Quoted from their website:
"SANS is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center. The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals, auditors, system administrators, network administrators, chief information security officers, and CIOs who share the lessons they are learning and jointly find solutions to the challenges they face. At the heart of SANS are the many security practitioners in government agencies, corporations, and universities around the world who invest hundreds of hours each year in research and teaching to help the entire information security community."
Anyway, track 4 of their training (Track 4: Hacker Techniques, Exploits and Incident Handling) goes through the process of hacking a site (including the use of the tools most likely to be used.) Not having read the book, I cannot say how much/little time is spent on ethics issues, but I'd not write it off as an "evil". (Actually, after I finish this post, I am going to forward the details of the book on to my supervisor and get a copy.)