My point is people have gone to prison over GET parameters, not the legality of the it. DOJ has CFAA. Abusing private APIs is flying close to the sun. Even if you do get out of prison eventually
I used to use SSHFS to have access to remote files in the OS file browser. But I moved onto WebDAV (via lighttpd) because I like managing the auth outside of PAM and also OS file browsers (including Win/Mac) have good support for it