How many people would have put money into the DAO had this exploit been known in advance? Few to none. The attacker is exploiting a flaw in the system to undermine the expectations of every DAO participant and even the DAO developers. In my mind that makes him a thief. But at a minimum it makes him highly immoral. The fact that property can sometimes be "legally acquired" (if that's even true in this case) doesn't mean that it's moral to acquire it.