Didn’t you have to get a key to do so? Or were you doing this outside of the API (some kind of site scraping or an export function on the site)? I am only asking, because I wanted to do something similar, but have absolutely no intention of applying for a key.
I agree that there isn’t anything wrong here. The API actually looked better than most (many APIs look like they are written by people who want to say that they have an API, but don’t want people to actually use it).
No PII was being exposed... no loss, no foul.
No key, no application, no signup, no nothing. But it is essentially public info so I don’t see a problem.