Currently, when creating a new post via the API and not specifying visibility, the behaviour is as follows:

• If the profile is locked, the post is created as private
• If the profile is not locked, the post is created as public

This is a holdover from before there was an explicit "Post privacy" setting (which is also exposed in the api via verify_credentials). I suggest that, instead of the current behaviour, the API should - when no visibility is specified - default to the visibility from the settings, as the current behaviour is confusing and not well-documented.

An app using the API pulling the visibility setting and caching it is not desirable (it can change at any time - not a problem for something interactive that can just indicate what pressing the "send" button will do in the current state, but a problem for something that is not), pulling the setting before everything you do is a lot of pointless API requests.

An alternative, since this would be a breaking API change, might be to add a way to tell mastodon to use the setting explicitly, allowing anybody who implements the API to implement it in such a way that it satisfies user expectations without breaking code that relies on the current behaviour. This could by done by e.g. passing "default" as the "visibility" parameter when creating a new post.