The vice president’s personal email was hacked last year, and it turns out that the hackers may have had access to official state business, which Pence reportedly conducted on it. But wait — put down the pitchfork (for now, anyway).

The facts are these: A public records request filed by the Indy Star showed that Pence indeed used his AOL account (Aol with lowercase letters owns TechCrunch, but it’s not really relevant) to discuss policy with his advisors and even FBI war-on-terror type business.

It must be said that there is no small amount of hypocrisy in that Pence, who was among the many politicians who loudly decried Hillary Clinton’s use of private email for state business, was himself using a private email for state business, but the situations are different in important ways.

Although using one’s personal email address for official communications is, generally speaking, a pretty bad idea, it’s not illegal. As was concluded in Clinton’s case, this shows irresponsibility, but is not any kind of criminal offense.

Pence also wasn’t handling documents with federal protections — classified or top secret, that sort of thing. Again, he shouldn’t have been handling any business via his AOL account, but what he did handle wasn’t hugely important.

The emails in question were filed and retained dutifully as required by Indiana law, which is accommodating of the fact that these things sometimes happen.

Pence was also using a private email address, but wasn’t running his own private email server, which is an important distinction. Among other things, AOL’s service is subject to restrictions and authorities that could lawfully compel it to produce emails or records — difficult to enforce with a private server like the one the Clintons used. And that’s not getting into the security implications.

The hack (which the Indy Star also reported on) occurred in June, and Pence wasn’t chosen (publicly, anyway) to be Trump’s running mate until July. That the hack resulted in Pence’s contacts being spammed with requests for money suggests it was the kind of hacker who targets prominent rich people, not a state actor looking to mine Pence’s personal records for juicy details on the Indiana state executive.

Lastly, it really is standard practice in government to have a personal and official email, as well as a third for off-record communication. Sometimes these might not all be available, and it would be troubling to have a governor be unable to address an emergency because he left his Blackberry at the office. So the lines get crossed now and then, and the law is there not to prevent that, but to make sure that when it happens, it stays on the record.

Pence is on the right side of the law here, but, like many others, the wrong side of security best practices. And this combination of circumstances is exactly why: Public officials are targets, and it is irresponsible to allow state information to be put at risk through lax security. Pence deserves criticism for this embarrassing but luckily not particularly damaging lapse — but don’t get carried away.