What about checking for authorization before returning such GET requests? Wouldn't it be another way of protecting sensitive data.
I may be misunderstanding your point but it goes without saying that you always properly protect your API, no matter HTTP method is being used.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.