They are against the ToS and EULA. The people running them are going against a legally binding agreement that they signed with Blizzard for their original paid accounts, and are breaking Blizzard's copyright by decompiling it and running it as their own on their own servers (usually making a profit through cheaper subscriptions or ad revenue for their forums). Not to mention that I would never in a million years trust them with account info or the security of my computer.
Just a side note: in many countries, ToS and EULAs are very often in a grey area (legally speaking), and regularly even violate some laws (rendering the clause void).
So just because it's in the EULA does not necessarily mean you have to obey it.
Also, coding those private servers can be a fun and challenging thing. I was involved in a server project during the beta, at which time those projects were tolerated by Blizz. Once open beta appeared on the horizon they asked us to shut down (ask being quite the euphemism :D), but I did not see any point in continuing anyway once the game was released.
And, while I would never consider seriously playing on a private server, they can be a lot of fun. Raid BWL with 2 people (pre-TBC), get GM gear, etc. Big hit at small LAN parties!