So if I deliberately exploit a bug on your website and download your customer database by typing things in my browsers URL bar, I should not be prosecuted?

No, and I would support a law explicitly making it illegal for prosecutor to prosecute you for this.

I'd be totally down for that, but I reckon it would be kind of shitty for the vast majority of the people who are not CTF enthusiasts.