I'm curious what the effects of the case will be on security researches as a whole. Is the possession of the data an offense even if used legitimately? What happens to HaveIbeenpwned.com even though passwords aren't shared, it's a database with that information. It's a very interesting issue that i'm expecting will have just as interesting outcome.