User blog comment:Dragonjet/API Security and Possible Botting/@comment-24878656-20140507185214/@comment-1820055-20140508013011

i think you are right, and its not like the developers will read this to even see my suggestions xD

although this explains just the concept, and doesn't really help script kiddies to do anything since they probably already know this request-response mechanism whic is the only technical thing i explained.

a real threat would be to post what are the api calls, their parameters and responses, which will be a global reference for explorers, and hackers alike.