Actually, i do not see the big problem in changing permissions of the api-browser.
The api-browser was designed and implemented as a singleton package for providing documentation for developers about the code running on this instance (there is only one code basis). If one wants multiple instances to be used for different purposes, maybe in multiple subsites, one has to
- remove the singleton-property (with all consequences),
- make the package subsite-aware (maybe not much),
- provide configuration options per instance (what kind of code you want to see),
- extend the API in what instance the data should be seen (and maybe provide as well source-code language information)
- extend the data-model (i.e. the nsvs, naming etc.)
This is some effort, but it it look in general doable to me, since the existing API and datastructures are rather simple. One should be able to provide default settings, such that existing usages can continue to work unmodified.