While technically what the guy was doing was wrong (violation of terms of service), to me this doesn't rise to the level of reporting it to Tesla or prosecution (LOL).
If we take Mod3forMe's narrative at face value and assume all that was posted here was factual, then to me it's clear that this guy is simply a hobbyist who tinkered enough to make something to see if it would work. It was a personal challenge for him.
His point wasn't to get free electricity or start a business retrofitting e-Golfs. It was simply to reverse-engineer the communication protocol for the Superchargers and then control it's output. He's also attempting to not interfere with legitimate charging of Teslas by doing it at night, when the supercharger station isn't busy, spending only a few minutes at the station to conduct a quick test, and going to different stations to not attract attention. This is exactly the way I'd do it if I were working on a hobbyist project of this type. And the reaction of people in this thread is exactly why this guy is as low-key as he is.
I disagree with the notion that he's some kind of criminal that's "stealing" electricity. Hogwash -- his tests have amounted to about $2.00 worth of power, if that. I also disagree with the notion that his equipment presents a safety issue. If you know how to reverse engineer a protocol, build your own charger, and charge your own battery, then you also know the safety protocols to put in place in your code and your hardware. Plus, the supercharger has its own safety protocols in place anyway.
If more people do this and it becomes a problem, Tesla has every technical means to end it. They simply whitelist VINs in the Supercharger and a made-up or all-zero VIN then wouldn't work. If VIN cloning becomes an issue, then you simply cross-check the VIN supplied by the car against the location of that car to make sure that car is actually at the Supercharger.