[tremon]

Things like hitting private, undocumented APIs

That's entirely Microsoft's fault too: they made internal APIs accessible to applications, and did not provide comprehensive documentation on the full features of their public API.

The latter means that application developers were forced to just guess what a function could do. And since no API performs proper input validation, undocumented usage became the norm.

[ygra]

Of course internal APIs are accessible to applications. You can always call them somehow. Whether it's fishing "function #183" from a DLL, or reflecting on a managed type and calling stuff that way ... I wouldn't exactly blame MS here.

Public APIs are documented, guaranteed to work like documented (otherwise it's a bug and will be fixed) and intended for others to call. Internal APIs are none of these things. They are not documented because they're not supposed to be called. Anything not documented in an API it (to me at last) something that's not guaranteed to remain like that. Whether it's a complete function or just a side-effect of something that is public.

[talmand]

Never mind the fact calling an undocumented API within your app could lead to really bad things for the user.