This paper considers some of the ethical issues surrounding the study of malicious activity in social networks, specifically using a technique known as "social honeypots" combined with the use of deception. This is a potentially touchy area of study that is common to social and behavioral research that is well understood to fall within the boundaries of "human subjects research" that is regulated in the United States and reviewed by institutional review boards, but is not well understood by computer security researchers or those in the private sector. The firestorm of controversy over the 2014 "emotional contagion" study of Facebook users shows that learning about being deceived may itself be the harm, to both those users involved and their trust in researchers and research in general. Should researchers have an obligation to try to find research methods that do not involve deception to achieve the same research results?