Back in college I ran ToneLoc overnight and would try ftp on the successful hits. One server didn't have root set, so I telnet'ed, <Enter> when prompted for the password, and I was in.
I ran 'who', saw a user logged in. Decided to wall them a message of "You should really set your root password." and logged out.
A couple of days later, I got an email on the trash email account I would use for ftp logins - dude was super nice but freaked out and wanted to know how I found his server. I didn't reply.
Imagine the anecdote coming from the person you wall'd.