I havent claimed that they created an obvious security hole.
I gave the answer why most people dont ask that question while clearly refraining from stating an opinion on the matter, simply because i'm no security expert who can judge if introducing such an api creates additional vulnerabilities even with server side checks(not obvious).
I gave the answer why most people dont ask that question while clearly refraining from stating an opinion on the matter, simply because i'm no security expert who can judge if introducing such an api creates additional vulnerabilities even with server side checks(not obvious).