Gas pumps happen to be about as insecure as your typical router

[maxerickson]

The way the legal system works, the safe option is to not do anything with systems that you don't own or have authorization to use.

Like public facing websites that advertise they are meant to have users are pretty safe, but after that, explicit authorization is a good idea vs deciding for yourself whether it might be critical infrastructure.

[Terry_Roll]

I was going to suggest, why not buy your own gas pump's and do a hackathon!