It's always been a grey area. At the end of the day they can pin it down to unauthorized access of a private computer system if they really wanted to nail you.

I was thinking about the front door left open/unlocked analogy the other day. The more correct one would be, an unsecured AP is more like leaving your front door open/unlocked and having a person/sign out on the lawn telling passers by about it, as that's what AP's do by default, they broadcast their information on the airwaves.

To answer your question, I'm not sure about the legallity about it. I don't think anyone's been tried and convicted in NZ yet, but it will probably happen. Usually the only way to catch someone is to catch them red handed. I.e. sitting outside your house in a car with a laptop. It's very hard to catch them otherwise. It's hard to say MAC address 00:00:00:00:00:00 relates to joe bloggs, he logged onto my network and leeched 2GB, i'm going to tell the police on him.