I wish "Secure APIs" actually explained its suggestions. Instead it has mysterious hints and prose, and an insistence that we do our own research, and surely we'll figure out the answers. I mean, isn't that what this article is supposed to tell me?