There is no such thing as "api misuse". You provide the api and people use it according to the conditions you provide. Tighten your shit. Don't blame your own failures on other people.
Which is why I am happy to have email aliases. Alias gets leaked? No problem. I'll just delete that one and make a new one for that service. Scammers and spammers have a useless email address and I still have my clean inbox.