I find that surprising, given the lengths OB go to to ensure that only registered, accredited entities can participate in using their APIs. I'm not saying you're wrong, just that I find it surprising.
(Source, I consult with OB and have a hand in their PKI, I don't speak for them and I'm not part of or informed well about anything to do with the regulatory environment)
(Source, I consult with OB and have a hand in their PKI, I don't speak for them and I'm not part of or informed well about anything to do with the regulatory environment)