Comment by smelendez
> Given that the intent of the friend was to help improve McDonalds' security, I'd have to disagree that the firing was rightful.
I’d be inclined to fire someone who shared their credentials with an outsider running an unauthorized security test or discussed unpatched vulnerabilities in detail with outsiders.
An employee poking around and finding stuff on their own and reporting it might be a different story, though the details would still matter a lot.
OP did not use their employee friend's credentials, they created their own account through the registration page.