URLs are public and modifying them should not be considered unauthorized access or hacking, especially semantic URLs. I mean, if there's a querystring parameter on the end like "page=2" and I modify it to be "page=3", I'm simply using an interface in a logical manner. The onus should be on the website owner to secure resources within their URL space, especially since there are a myriad of easy ways to do this in 2013.