It is very easy (just a few clicks) to create a published oData/REST Service. Usually, there is authentication required and by default, this boolean is TRUE. However, setting this value to FALSE might create a data-leak. In my option is changing this value to FALSE too easy.
Therefore: