The MANUAL: “Users with the ‘view’ permission can view all reports in Matomo (Piwik) for the website(s) the user is set to ‘view’.”
A POSSIBLE CONSEQUENCE?: This suggests that once a widget is made visible on a website to anonymous visitors, anyone who understands page source can discover the location of the piwik.php file, and anyone who understands both page source and Matomo has full access to all the data available for a website via a Matomo widget. One has only to write the appropriate query string and voilá: the widget appears! Is this an accurate assessment?
MY DESIRE: What I would like to achieve is the following: Display a select number of widgets for anonymous visitors without giving access to my entire Matomo database to those visitors knowledgeable about the creation and use of Matomo widgets.
QUESTION: Is my desire even possible without having to write an AJAX call?