The rate-limit data in the headers should be opt-in by default.

EDIT: Perhaps configurable to one of three options

1. Limits and current request counts returned on every request - least desirable for public api's as it provides data scrapers with too much info.
2. Limits and current request counts returns when threshold nearing ~10%
3. Limits and current request counts never returned to clients