He has said multiple times that orders are "placed". He also said they aren't "executed". Based on what other people are saying here about McDonald's workflow, it sounds like a placed order wouldn't actually be executed unless he shows up to the store. That is probably what is happening here. It may be "reasonably harmless" but it is still not a nice thing to do just for fun and 15 minutes of internet fame.
EDIT: I'm not sure why, but moderators have detached this line of comments from where I was originally replying. I really don't think questioning the ethics of something like this is out of line on HN, but I can understand the phrase "kind of an asshole move" might have upset some people. Since this is the only comment I can still edit, I will just throw in the clarification of context that detaching this comment might have removed. The "asshole move" I was referring to is the practice of brute forcing this information through an internal McDonald's API by sending $18k worth of orders every minute.
For what it's worth the author joined the discussion and confirmed he is not actually placing orders, but rather using the API to check availability of a product.
He doesn't say how that works, but again if I had to guess I would bet it's checking the response to "add to cart" or something similar.
EDIT: I'm not sure why, but moderators have detached this line of comments from where I was originally replying. I really don't think questioning the ethics of something like this is out of line on HN, but I can understand the phrase "kind of an asshole move" might have upset some people. Since this is the only comment I can still edit, I will just throw in the clarification of context that detaching this comment might have removed. The "asshole move" I was referring to is the practice of brute forcing this information through an internal McDonald's API by sending $18k worth of orders every minute.