I would discard 1) cause a real hacker, even if novice, would enter without damaging or stopping the service. He/She would maybe report to the owner the vulnerability or even would keep it secret.