ugh.. it is actually built into the api, at least for general run of the mill 3rd party developers. it's not like you can just sign up as a developer and get access to random peoples privately shared data.
now if you sign up and okay access for a "please surveillance me" app then.. well, duh.
the stuff you can get without permissions you can get via regular http/web anyways, if the target has chosen to do so. which of course begs the question wtf are geofeedia etc selling. my bet is that they're selling 99.999% snakeoil product. it will tell law enforcement for example how many times people have publicly said "pot" in a given geographic area(that the users have marked themselves to be part of). as such the rule changes don't have any effect.
twitter on the other hand has been giving some weirdo firehose access to some partners for analyzing or whatnot. thats also just a better api to info that people are putting on the web anyways.