I probably used the wrong words… What I meant is that given API access, a malicious third-party can gather a large amount of data and store it in a way that goes against the service’s terms of service, without the proper privacy guarantees (e.g. user data being deleted if they delete their account). Obviously that’s a problem for a social network where people can post a lot of friends-only posts.