
You could argue that you have access to their JS. But as soon as you modify that JS to do something they don't want to their backend servers, that's most likely unlawful.



When I was in college my friend figured out a major fast food chain had a flaw in its API with the way it validated coupon codes.

The server validated that the coupon code was legitimate, but the actual discount value of the coupon code was validated client side in JS for some reason.

So he could turn any 10% off coupon into a 100% off coupon by modifying the API requests during the checkout flow. I'm sure this was illegal but he ate a lot of free fast food before they ever fixed it.
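The flaw described in the comment above, next to a server-authoritative version, as an added example that is not part of the original thread and is not the chain's code. The request shape, coupon code, SKUs and prices are constructed assumptions.

```javascript
// Added illustration: all names, codes and prices below are constructed.
// Server-side coupon table: the only source of truth for discount values.
const COUPONS = new Map([
  ["SAVE10", { percentOff: 10 }],
]);

// Prices in integer cents, also held server-side.
const MENU = new Map([
  ["burger", 599],
  ["fries", 249],
]);

function subtotalCents(items) {
  let total = 0;
  for (const { sku, qty } of items) {
    const price = MENU.get(sku);
    if (price === undefined || !Number.isInteger(qty) || qty < 1) {
      throw new Error("invalid line item");
    }
    total += price * qty;
  }
  return total;
}

// Flawed pattern from the comment: the code is checked for legitimacy,
// but the discount value is taken from the request body.
function checkoutTrustingClient(req) {
  if (!COUPONS.has(req.couponCode)) throw new Error("unknown coupon");
  const subtotal = subtotalCents(req.items);
  return subtotal - Math.round(subtotal * req.percentOff / 100);
}

// Hardened: any client-supplied percentOff is ignored; the value comes
// from the server-side record for the validated code.
function checkoutServerAuthoritative(req) {
  const coupon = COUPONS.get(req.couponCode);
  if (!coupon) throw new Error("unknown coupon");
  const subtotal = subtotalCents(req.items);
  return subtotal - Math.round(subtotal * coupon.percentOff / 100);
}

// Constructed request whose percentOff does not match the coupon record.
const mismatched = {
  couponCode: "SAVE10",
  percentOff: 100,
  items: [{ sku: "burger", qty: 2 }, { sku: "fries", qty: 1 }],
};
```

A server can also compare the client's claimed total with its own computed total and log any mismatch as a tampering signal.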


Let's run with this thought experiment even further: what if I use a very obscure browser that happens to interpret their JS in a very specific (and beneficial to me) way?



