• Why is it that while using RPC calls (which all must be authenticated) the available RPC methods check for the role a user has?

    I understand for write operations but not for read only…

    For example -> the call wp.getPages should be able to get all Pages regardless of whether the user can create pages? Same goes for getRecentPosts??? This information is already publicly available on the website anyway?

    One should be able to get all the posts that are publicly available from the blog via RPC? Or am I missing something here… I am building a Flash client (just to read) and created a special subscriber account for that purpose… yet no posts pop up unless I have the editor role. I don’t want that because the username/password is really easy to snoop and then people can also post stuff on my blog…

    Thanks for any insights

    bas
