Should Open API handlers return something other than 400 when there are no matching paths.

Currently Structures returns a 400 if you use a path like :structureNamespace/:structureName/blah since this matches our CORS then Auth handlers, then nothing else. This is confusing since 400 is also returned on requests containing bad data. Maybe we should return something other than 400 in this condition. 404 maybe? 
