My understanding is that any write operations to a contract are executed through a transaction which automatically verifies the authenticity of the sender. However, read options can technically be called by anyone that may happen to know the address of the contract. Is that correct? Is it safe to assume then that it's the developers responsibility to protect read operations if you want to prevent "unauthorized" reads? I just want to make sure I'm not missing something?