sqli's are pretty much the current definition of skiddie. You don't even need to look for them or work them by hand, they have automated tools for that.
Given that I frequently hear about renting botnets, that's not necessarily the case - to acquire a botnet, one does not have to go out and compromise a bunch of computers. Of course, your phrasing suggests that you are presenting yourself as a primary source, as if you were a member of LulzSec speaking from experience. If that's the case, disregard this comment.
That was pure sarcasm, in reference to the OP's statement that "their recent hacks were _not_ kiddie stuff". Most of the crap they pulled last week were merely DDOS attacks, where the only real coordination required is getting everyone on an IRC channel at the same time to hit a button when someone says "Go".
You may not have a proper conception for how anon uses DDOS. A single hacker may DDOS via creating a botnet of zombie computers infected via worm, trojan, or virus. However, anon just uses "LOIC", which is a client that people who want to participate in the DDOS run. There's a call for DDOS of a target, people run their DDOS clients and set the target, there's not necessarily any "hacking" going on whatsoever.
Also: I wouldn't bet on them being autistic nolifers, which is what the author of this letter seems to be suggesting, you'd probably be surprised.