I know scraping is frowned upon but is it fair game to source the public athletes endpoint (e.g. https://www.strava.com/athletes/{id}) which is reachable without a login and is not explicitly forbidden by the robots.txt for athlete image links and other stuff to use in a Strava API application? 
Sorry if this happens to be a duplicate question. Have a nice day!