What risks are there if my api is insecure, but it's not holding anything private?

Question

I understand that ideally, I would have a secured api, but I want to understand the threats that exist as well. Say for example:

• I have an api that I call from