Neat story, and this is clearly harmless. But isn't the most basic, fundamental, number one rule of security/pen testing to try to break into a system (no matter how weak) if and only if you've been given clearance beforehand? Why doesn't that hold here?

The rule does apply. Also, it was a senior prank, which by definition involves breaking the rules.

The author literally put in TWO disclaimers making that exact point...

I think the OP is asking "Why are we applauding them if they broke the rules?". The answer is "Sometimes, people break the rules".