Which security concern is most critical when exposing microservices through a public API in a cloud environment?