That's pretty much a text-book straw-man argument. Two of them, actually.
We're not discussing the morals of human research, we're discussing IT security, and specifically in scenarios that are unlikely in the extreme to lead to any physical harm to people.
We're also not talking about trying to sabotage or attack a system.
Standard, well-formed web requests on standard HTTP sockets, made infrequently are very unlikely to cause problems on any system that's not outright deliberately misconfigured.
We're not discussing the morals of human research, we're discussing IT security, and specifically in scenarios that are unlikely in the extreme to lead to any physical harm to people.
We're also not talking about trying to sabotage or attack a system.
Standard, well-formed web requests on standard HTTP sockets, made infrequently are very unlikely to cause problems on any system that's not outright deliberately misconfigured.