On services (Odata/Rest/Web) security is editable. For example no authentication or Username and password. The selected option can have an huge impact. To keep control about which services there are and the level of authentication is required the following idea:
Having this will make it easier to keep control on the services and it's level of authentication. Also without having access to the model (or knowledge) the authentication should be visible.