I tested my app in the DE org and everything worked fine.  I went to connect it to our main org and I got this:

{"message":"The Chatter Connect API is not enabled for this organization or user type.","errorCode":"API_DISABLED_FOR_ORG"}

I know that our admins are going to resist enabling anything that they don't think is necessary for business.

Question:

1) Is there a doc somewhere on how to enable it properly?  (I couldn't find it)

2) Is there a doc from Salesforce that outlines the security best practices and soothes the mind of an average admin.  Things that I am looking for in a doc like that is that via Chatter API no one will be able to get the customer data, change the customer data, get any opportunity data or anything like that.

Thank you!!