If you’re using the API to build a data grid of the sensitive data, there’s no reason to hide it.
However, if you have fields you don’t need in the grid that are sensitive, use the fields=“list of fields” param in your request and leave those fields out.
Alternatively, you could use server side scripting to weed out the data you don’t want the client to see in the scripting section of the admin panel. Https will encrypt all data on the wire as well.