As of January 2010, 1,100 out of 1,600 APIs listed on Programmable Web are REST-based. Some of our best-known cloud services utilize REST, including Amazon, SalesForce and Google. REST does not have predefined security methods so developers define their own, and developers in a hurry to just get their web services deployed don’t treat them with the same level of diligence as they treat web applications. For instance, most APIs handle authentication using a key but no secret, essentially requiring a user name but no password.”]