Technical people are accustomed to looking at the technical limitations of a problem space and then coming up with a solution. If the person managing the game then says "rule violation: you can't do stuff I don't like", it seems unfair.
The better way is to design the API in such a way that it can't be "abused". It's Apple's fault that iHasApp was able to do what it did, and it's Apple's fault that Facebook continues to do what iHasApp did.
While I'll agree with your second point about designing the API in a more safe way, the first one I'm not as sure about. You could make that same argument in favor of malware authors against Big Bad Microsoft walling them out with new Windows Defender definitions.
If something is stealing my personal information and sending it off to advertisers, I'm entirely happy to have the OS vendor give them the boot.