What are the most critical risks in the OWASP Top 10, and how do they manifest in modern API-driven architectures?