Private apps doc - Am I risking exposing customer data?

New Member
1 0 0  "all data you expose to the app could be seen by any visitors to your store." "Storefront API itself is unauthenticated" "Storefront API is composed of the following: Customers - Information about customers in Shopify such as their shipping address and display name"

I'm not a developer so, please tell me if I'm misinterpreting this. It appears to me that any private app development which might transmit customer information (say, order fulfillment integration to a backend provider) would potentially expose customer addresses to anybody savvy enough to look for it (probably including whoever responds to this post

Am I wrong or is this the point of the caution on the Private Apps doc? If I'm right, why would anybody ever use the API in this way?