Comment by antihipocrat

There's a third category too, users looking for security weakness and probing the system with a spectrum of inputs. The response to these inputs can reveal a lot about how the backend is designed.