CCAPI does not have data stealing by its own BUT any tool u use with it could have one. Grab offsets and do your own apps. Actually i coded a wrapper dll around and instead the real dll so i always know wich memory adresses are read and written by a tool beforehand. Coders out there, logging/emulating/forwarding entry points from a winpe dll to another is really easy so u dont need the pain of analyzing bytecode with IDA ^^
To X-Sony's-Nightmare-X and else interested, spoof tools such as psnpatch edit values in main memory pool, but ccapi has full peek/poke access to flash, lvl1 and lvl2 even after patching syscalls. Thats why its potentially dangerous, but having local peek/poke disabled while remote peek/poke is still available is a useful feature on proper hands.
My tought is that if ure using ccapi online ure cheating hard and noisy, no need to blame a coder about banned cids. tmapi/ccapi never released would be better for everyone including legit users supporting developers, but its too late to be dreaming lol