In order for a widget to be safely exposed in the REST API (that is, for unauthenticated requests), the widget needs permission callbacks to indicate whether or not fields in the instance are public. A schema has been proposed for being added to WP_Widget in #35574. Since old single widgets do not utilize WP_Widget, they would not have a schema available, and since they are suggested to be deprecated in #35656, I suggest that they should inherently not be exposed via the REST API.
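
The following is an added illustration, not code from this ticket, from #35574, or from WordPress core. It sketches default-deny filtering of widget instance fields for a REST response. The function name `example_filter_widget_instance`, the `permission_callback` schema key and the sample widget data are all hypothetical.

```php
<?php
// Added illustration. The schema shape here is an assumption, not the one proposed in #35574.

/**
 * Return only the instance fields the current request is allowed to see.
 * A widget without a schema (for example an old single widget) exposes nothing.
 */
function example_filter_widget_instance( array $instance, ?array $schema, bool $is_authenticated ): array {
    if ( null === $schema ) {
        return array(); // Default deny: no schema means no exposure.
    }

    $visible = array();
    foreach ( $instance as $field => $value ) {
        if ( ! isset( $schema[ $field ] ) ) {
            continue; // Fields the schema does not describe are never exposed.
        }
        $callback = $schema[ $field ]['permission_callback'] ?? null;
        // Expose a field only when its callback explicitly returns true.
        if ( is_callable( $callback ) && true === $callback( $is_authenticated ) ) {
            $visible[ $field ] = $value;
        }
    }
    return $visible;
}

// Constructed sample callbacks: one field is public, one requires authentication.
$public  = function ( bool $is_authenticated ): bool {
    return true;
};
$private = function ( bool $is_authenticated ): bool {
    return $is_authenticated;
};

// Constructed sample schema and widget instance.
$schema   = array(
    'title'   => array( 'permission_callback' => $public ),
    'api_key' => array( 'permission_callback' => $private ),
);
$instance = array(
    'title'   => 'Recent Posts',
    'api_key' => 'constructed-secret',
    'legacy'  => 'not described by the schema',
);

var_dump( example_filter_widget_instance( $instance, $schema, false ) ); // Unauthenticated request.
var_dump( example_filter_widget_instance( $instance, $schema, true ) );  // Authenticated request.
var_dump( example_filter_widget_instance( $instance, null, true ) );     // Widget with no schema.
```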