In addition to the above,
Is there any restrictions on the number of Authorizations or number of API calls in a month, for the publicly distributed client(not listed in marketplace)?
Also what if, I am working in a company like Google/Microsoft and I am trying to develop an OAuth integration and marketplace listing is not mandatory. Can I just make the client public and use it for OAuth and no legal issue will arise? I am asking this question, since no verification is done for the public client, only verification is done for marketplace listing.