All data is scrapable. It’s just a matter of how difficult it is to scrape and whether it’s worth the effort.

Assume anything you see or input is being captured, because it almost always is, even if it’s just because WiFi can trace your physical outline, or a street camera saw you unlock your phone, or your fingerprint is can be copied from a door handle.

The only place that data is mostly still secure is literally your brain, but even then, that can be compromised with a bottle of booze.

how in the world did they not better safeguard and isolate user data?

It’s realistically impossible to 100% do this, unfortunately. 20+ year old security flaws are discovered alarmingly frequently, and once the wrong person knows about the right exploit, they can automate entire global attacks. Automated attacks make up a lot of global internet traffic.

Imagine there are physical medieval castles with moats with crocodiles and turrets and an entire defending army with ballistas… but doors randomly appear in the external walls, and bridges instantly construct over the moat, and entire sections of walls can disappear unexpectedly. When there is an infinitely replenishable enemy army attacking that castle, they’re going to get in eventually. That is what the internet is, but digitally.

Humans write code, and humans aren’t perfect, so neither is their code. And anything Humans make or do, a different human will try to destroy or exploit it, that is guaranteed. It’s a problem we’ve had for as long as we’ve been organisms.

I know I have the DNA relative feature enabled but I would’ve never imagined that was scrapeable and a vulnerability.

if it’s viewable in a browser, it can be scraped.

You can make it more annoying for scrapers, but in the end, you need to show stuff to your users, and that’s what scrapers basically emulate in the end.

And as for being a vulnerability: Finding the murderer of a cold case

Yeah, that title triggered an immediate and involuntary eye roll.