> I don't think it's unethical to send someone an email that has bad code in it.

It's unethical because of the bits you left out: sending code you know is bad, and doing so under false pretenses.

Whether or not you think this rises to the level of requiring IRB approval, surely you must be able to understand that wasting people's time like this is going to be viewed negatively by almost anyone. Some people might be willing to accept that doing this harm is worth it for the greater cause of the research, but that doesn't erase the harm done.