At the same time, it's worth noting that running curl in a loop is slightly less difficult than factoring RSA keys. So if someone "hacks" you via an unauthenticated public web service, the courts should take that as less of a computer crime on the attacker's part and more of negligence on your part. But on the other hand, if someone breaks into your well-engineered system through some nearly-impossible attack, then you should not be liable.