REST is not for going concerns then it seems.
2nd hand car dealers, insurance salesmen and fly-by-night SAP consultants and non-ABAP developers should fair well with it for a while then.
Personally I find it more ugly that you are forced to use the secure store instead of other more secure authentication mechanisms.
You can prevent the attaching of the debugger via user type SYSTEM, some system parameters to control the debugger and even deactivate the external debugger at rdisp level regardless of authorization (escalation).
There are infact quite a lot of options there, but if the service is designed to have a lot of functional access and you get the PWD then 9 / 10 time you can do anything you want to using protocols which are permitted.
Anyway... this is the security forum so easy way does not score points on it's own... 
Cheers,
Julius