From the README:
Mastodon 4.x radically changed the frontend, to much dismay from the actual community. It’s now a (slow) webapp, which requires access to lots of API routes that were previously unavailable to unauthenticated parties. It gives the public a much deeper view into your (private) community, both non-technical (instance home pages now show an ‘explore’ page nobody asked for, that shows public content from instances you federate with. [you have to fully disable trending]), and on a technical level (toots and search API are publicly available allowing for much easier programmatic scraping).
Until someone gets burned by posting things they think are private, but due to how the protocol is designed are not. I think these kinds of failure modes should be best avoided.