You absolutely can call it hacking, and people have been prosecuted for things like that. How much simpler can I say it? The difficulty of an attack has nothing whatsoever to do with the severity of the resulting offense. Difficulty is just one measure that can be used to establish your purposefulness in exploiting unauthorized access.
No, it's not a grey area. The "public accessibility" of a URL may serve as evidence that you had no criminal intent (because you didn't have to "jimmy the lock" to get in), but if you then do things with that access, you're criminally liable.
