All of the emails present in this "leak" were taken from other dumps. That's how it's made, they took a list of known emails and tried to link them to a trello account.[1]
> What's the endpoint?
I think https://developer.atlassian.com/cloud/trello/rest/api-group-.... The endpoint allows you to get all public info (bio and username) from a trello account by its email.[2]
> Why did it provide personal information?
So users can invite other users to their boards via their email address.
> Why wasn't it throttled?
It should've been.
[1]: https://haveibeenpwned.com/PwnedWebsites#Trello
[2]: https://www.bleepingcomputer.com/news/security/trello-api-ab...