The issue would largely be storing sensitive data (I presume), namely personally identifiable information. Imagine all the user data being stored in a simple and quick API that advertisers (et al) can grab at, rather than having to scrape through HTML bits on a page. Now imagine malware spreading across the internet and frictionlessly gathering this data.

Although some might argue we're already there and that there's nothing stopping the deluge of user information.