It doesn't matter -- either way it shouldn't have been tampered with.
If the directory permissions were such that anyone could have done it,
then owner of the account bears some liability by way of negligence
(IHMO), but that *doesn't* diminish the clearly wrong actions of the
person who played around with it.
Better education -- for both parties -- is needed, with ethics being
the more important. I can harp on about this all day, as it's a fetish
of mine, but I'm also concerned about subjecting individuals to undue
harm ;-)
A useful question:
Does the magical TFM have a section on the subject of ethics and
responsibilities as controllers and users of computer systems ? [In a
rare confession, I admit to not having a copy ...]
Matthew.
-- Matthew Gream <M.Gream@nospam.uts.edu.au> (02) 821-2043 (sw/hw engineer)