Not liking someone isn't a good enough reason to put them in jail.

Usually. For now.

"Oddly, the reason for the ruling was not based on the merits of the case, but on the venue in which he was tried (PDF)."

This isn't odd at all. If the venue was incorrect, then all the issues raised in the trial become irrelevant.

Think of it this way: if he'd been charged with "being a Mets fan," and the appeal was based on (a) there's no law against being a Mets fan, and (b) the evidence that he was a Mets fan (a cap) was obtained through an illegal search, then whether or not the search was illegal would be irrelevant - he had broken no law, so the "conviction" would be tossed out.

He deserved to go to jail. Read the body of evidence against him. This wasn't a simple exposure of a security flaw in AT&T's website. He took deliberate actions to maximize the collection of information, bypassed security measures to obtain said information (that the security measures were woefully inadequate is beside the point, deliberate actions were required to bypass them), and discussed ways to use the obtained information for personal profit with his co-conspirator.

None of that is to suggest that I agree with dragging him halfway across the country, or even with the Feds getting involved in the first place. His home state (Arkansas) has a computer trespass statute that would have been sufficient to prosecute him under, or the Feds could have at least tried him in his own district. I suspect that the former is what may happen now, since double jeopardy won't apply to a State level prosecution, and if it shakes out fairly he'll get credit for the time served in Federal prison without additional jail/prison time being imposed. First time offender and a non-violent crime after all...

Venue was improper. That doesn't mean he isn't guilty, it just means the Federal Government was inept (shocker, I know) and has managed to turn a common criminal into a martyr because they were too stubborn to simply turn this matter over to the authorities in his home state. I suspect the Feds will just prosecute him again in his home Federal District, wherein he will be convicted, though if they were smart they'd let the State authorities handle this matter. AR has a non-controversial computer trespass law that would cover his actions here.

And you'd be wrong. You're looking at this from the geek perspective, rather than the legal perspective. Google the reasonable person standard and mens rea, those are two of the most important building blocks of our legal system. Bottom line: He knowingly accessed information that a reasonable person would have known they weren't entitled to access. He did so by tricking AT&T's servers into thinking he was someone other than himself. The icing on the cake were his own words entered into evidence, wherein he admitted that he knew he wasn't entitled to access the information.

Don't take my word for any of this, go read the body of evidence against him. It's all publicly accessible via PACER [pacer.gov].