It still amazes me that people will happily run and set up unsecured wireless networks and then broadcast them out there for the world to see. When wireless first came out I could understand it, it was often a lengthy process and one that most people wouldn't have been aware of.
These days though, unless you're a) creating a honeypot or b) deliberately creating a free access point, it's just lunacy. And in my eyes it's almost or just as stupid to use WEP, and while most people on here are probably scoffing at those with no protection at all, I bet there's people reading this that are using an encryption that can be broken by anyone with access to Google in a few minutes. And those that have read this far without feeling stupid, if you're using WPA or WPA2 with a weak password (read: found in a dictionary / wordlists) then I'm afraid your security is most likely easier to compromise than those using the age old WEP! Read this far without now feeling a bit stupid? Congratulations. The only home setup (i.e. not with a RADIUS server or similar) these days that can be classed as secure in any way, shape or form is to use WPA / WPA2 with a long, strong password.
It's a bit of a mess isn't it.
On the legal side of things, connecting to an unsecured wifi network that's not yours is a bit of a grey area. Whilst it could be classed as unauthorised access and therefore falls under the realms of the computer misuse act, whoever was convicting may have a hard time you didn't connect to it by mistake (after all if you've got a similar ESSID to someone else then it's only a case of clicking somewhere you didn't mean to, and on certain *nix wireless setups it'll connect to any unsecured wireless network it finds by default without you doing a thing!)
Cracking WEP / WPA keys and then using them though is pretty clear cut. It might be dead easy in some cases, but you couldn't "accidentally" crack WEP or WPA.
Is it ethical? Well that debate will go on, but since ethics have pretty much no legal standing you'll only ever be convincing yourself! While I might think about signing on to an insecure network for a few minutes to check emails or similar if nothing else is around, I wouldn't go on there and start torrenting 24/7. And I wouldn't use weakly encrypted networks at all.
Yes, I think that any company dishing out equipment using WEP / no security by default (and a LOT of broadband companies in the UK at least still seem to be doing this) needs a firm lecture and a clip round the ear. My view is that all new equipment shipped out should, as part of the setup process, require a strong WPA or WPA2 key to be in use by default. And yes, I think that anyone who knows what they're doing yet still chooses to use weak or no encryption deserves the same treatment.
But let's not forget, you could be connecting to 90 year old Granny Thomas' open network who signed up a few years ago to CRAPBand ltd. and received clear instructions on how to set the thing up with no security. So she followed said instructions and has been using broadband happily ever since. Whilst CRAPBand ltd. needs a good telling off, it's really not Granny Thomas' fault...