Most of the data you can access through the API is public anyway. You could as well scrape it off the website, API just provides it in a more convenient format. For example, you're able to get profiles and friend lists and posts of arbitrary people, as long as they're publicly visible, without real authentication (but you do need a "service token" you get on the app settings page).
The worst thing to ever happen with that open data was that some debt collection agencies used it to threaten people and their friends, and I believe that's why those service tokens were introduced. And that story was rather widely publicized: https://www.the-village.ru/business/finance/217569-banki-pis... for example.
The worst thing to ever happen with that open data was that some debt collection agencies used it to threaten people and their friends, and I believe that's why those service tokens were introduced. And that story was rather widely publicized: https://www.the-village.ru/business/finance/217569-banki-pis... for example.