Maybe someone with more insight into the restapi can answer these questions:
Why are all services registered globally?
The `plone:service` ZCML definition supports a `layer` attribute, but it is never used. So all services are enabled and available by default. Installing the add-on “only” adds the browserlayer and some default permissions (which are required for a successful api request). But once installed — no matter if it is uninstalled later — the restapi is available on that Plone site.
Why can Anonymous use the restapi by default?
Is it because some Plone components now use the restapi for interactive behaviors?
Why is there no default limit for api requests?
When performing a search request, it is possible to query all content items without a limit and get the full objects. On a site with several thousand content types this will kill our servers — no matter how fast the restapi is compared to SSR.