Eugen, the API has been completely reverse engineered, long ago. Enough to log in from scratch, you don't even need to extract the token form the actual app. Yes, they do ban accounts that exhibit unusual behavior or make too many requests over short time periods. For that matter, they banned some of the accounts made through that Android app of mine.

Yes it's public stuff and public stuff only. I don't see why it's worthy of any excitement.