Moonpig's poor security

Their API allowed blind queries to lookup data, no authentication required.