But can't the bad actors use the same APIs to ensure that it's passing this first?
See my other response on this, but this is something we are actively protecting against.
See my other response on this, but this is something we are actively protecting against.