Magento has a built in frontend rss feed for customer orders via /rss/sales/orders that is blocked via page auth which seems open to brute force attacks?
Also if I was to use the same function for access via frontend to fetch other system data ( customers list etc)
Is this good practice to have frontend single login access for this output?