Nothing.
Rate limiting is done by ClientID/IP Address pair. So thats not a concern.
Just means someone can and may take YOUR ClientID and use it to request information thats “public” anyway.
Can’t use JUST the ClientID to perform or create authenticated requests