The official discourse_api ruby gem also supports accessing public data without an API key. So I think it’s fine for the tooling to exist. It’s up to users to ensure they’re complying with any forum-specific ToS.
(that’s my personal opinion - not an official legal statement from CDCK 
)
It’s also worth noting - unauthenticted ‘bot’ requests are subject to much stricter rate limits, and potentially other ‘bot protection’ security layers (e.g. Cloudflare). So if you can, it’s always best to use an API key.