I submit that the real culprit here isn't misconduct stemming from overcharging, but rather from our careless and illogical sentencing guidelines. Swartz's prosecution could have huffed and puffed all they wanted, but if the facts they had at their disposal supported a maximum of 6-9 months custody even at trial, it would have been a different story.
Instead, Heymann had at his disposal a set of sentencing guidelines that scaled up with "damages", which is a standard that makes no sense in a computer crime case. The difference between $500 and $1000000 in damages in a CFAA case is a number in the middle of a for() loop. This isn't a novel challenge for the criminal code; other offenses have more reasonable sentencing and "aggravation" elements as well. Swartz's sentence should have involved the extent to which his intentions were commercial, how many co-conspirators he roped in, how much of a challenge he made it for the prosecution to investigate him, how much damage he caused, how recklessly that damage was caused. These are familiar elements of criminal and civil cases and could apply in CFAA cases too, had the law been written more carefully.