The question of legality remains, but you can always try to contact the previous owner via OP_RETURN of BTc transaction. Many old thick wallets no longer have their owners.
Not ethical, the Bitcoins still belongs to the owner. I imagine anyone trying to run this doesnt really care.
Brainflayer is a completely different tool from BitcoinWalletCracker. It works on a completely different principle. BWC isn't bruteforce tool.
It's the same. Brainflyer isn't bruteforce either, the user has to feed brainflyer with suitable strings for it to search. Which is also incidentally the same concept of yours; a dictionary attack, but in this case you're crawling websites. Brainflyer allows for the user to feed it information using another source, like a web crawler. If you're going to tell me your program somehow can reduce the complexity of the brainwallet, then it works on different principle. You're just changing the inputs to the bruteforce.