That doesn't seem likely. This person didn't reveal any personally identifiable information to the public. Have there been other (IMO, frivolous) lawsuits going after people who have identified holes in banking software?
In that particular case, the person was a security expert who spent time hacking (by way of URL) their system to expose information. And they threatened legal action but never went through with it (as they had no case).
In this particular case with Bank of America, a user did nothing out of the ordinary to expose information and reported it proper.
If I had 5 cents for every time I've read an article on someone going after the person reporting the hole in their software...I'd probably have at least enough to go get a soda from the company vending machine.
The sad state of affairs is that a lot of companies are more interested in security via cheap obscurity, and will gladly go after the person who dared to publicize their security holes.
The difference here, is that unlike URL-hacking, or some-such, they would have a hard time arguing that a user using their product exactly as intended was doing something against the law.
