This is the most important take-away here. Possibly communicate via a lawyer, whether you are giving a friendly heads-up or otherwise. This type of thing could be construed into conspiracy.
Giga-up-vote. It's too easy to slip up on security hygiene and either lose a jobs, customers, investors, reputation &| be sued. There's just too many liabilities and it's hard to pull off without being (legally) interpreted as a threat.
It is laudable to Do The Right Thing(TM), but the personal cost is likely nonzero sum.
