The drugwars team implemented an authentication method on the websocket API around a day ago. This means that most of the published auto-heist scripts will not work anymore out of the box but need some adjustments. Not everybody that used the public scripts will be able to make these changes and I haven't seen any posts with updated scripts yet.
The change which is require to login to websocket API takes about 5-10 lines of code. From my perspective it was made not to limit access to API but to help drugwars team find user names of players who are abusing the API.
The problem is that it in reality it doesn't change anything, for 6 STEEM you can buy a new Steem account and use it only to find players with cheap resources by calling get_user method. This info you pass to army of bot. The bot attacks looks then legit because no abuse of API is done by them :( You will have to only regular buy new accounts which will be banned for abusing the get_user method.
From my perspective identifying and banning bots is waste of time, instead of developing the game the team has to do some statistic analysis :( Instead of this number of user actions should be limited for e. g. 20 attacks a day, or only 1 attack in time frame of 2h . Maybe a captcha should be added before each attack.