Nearly every decent web site and application will have an application programming interface (API) of some sort. This may simply be another interface into the applications most advanced administrative controls, controls which perhaps are used by only 5% of users and would clutter up even the most clearly designed user interfaces. To make those controls open to end users, they have traditionally been exposed in a programmatic manner, that only deep technologists would look at or need to use. In addition, those API's were probably only ever exposed to private internal networks, where their protection from a security perspective was probably less of a concern.
Give me a REST (or two weeks stay in a villa in Portugal if you're asking...). RESTful architectures have been the general buzz of websites for the last few years. The simplicity, scalability and statelessness of this approach to client-server communications has been adopted by many of the top social sites such as Twitter and Facebook. Why? Well, in their specific cases, developer adoption is a huge priority. Getting as many Twitter clients or Facebook apps released, increases the overall attractiveness of those services and in a world where website and service competition is as high as ever, that is a key position to sustain.