[Bombthecat]

The biggest issue is security. More often then not, the API allows you to see more than you should.

[princevegeta89]

This is probably true, and it can only be uncovered by rigorous testing. There is a bunch of layers of abstraction that won't be very obvious if you are using GraphQL as opposed to rolling your own REST API.