There are probably no laws against it.  If you do not need to alter or exploit the code in the site to obtain the information then you are probably not doing anything illegal.  However you may be doing something unethical if you have not been given permission to browse the site.  If there is some monitoring of the site and it is noted that there are some strange directory traversals, they may take that as hostile and begin investingating.  Its a fine line I think, a gray area and is really based on your judgement.  If you find something that could be exploited and decide to tell them about it, you may get some negative responses.  Tread lightly sir.

The question then arises, what were you planning to do with the information?  You still gathered it so why?  That would be questions that I may ask if I came across your activity.  The otherside of the coin is "well they put it out there so its their fault" that's where you need to walk the ethical line I think.

Can't argue with the logic   Then again if the company collects the information because they are well defined as a "Partner" with a site that you gave your information to and agreed in one way or another that you allowed them to share your information with their "Partners" then they have the right do such data collection and you could still be found in the wrong, no matter your intentions or their business practices. 

Its the gray line similar to the idea of attacking back when defending your network.  One would like it would make sense but there are laws that protect the bad folks as well as the good folks and depending on where the originate, you may be crossing some international lines.  Best bet for testing tools is to try and build yourself a web app lab of such.  I'm sure you can get some sample sites that can quickly be thrown in for use, or you can test against sites like hackthissite.org.