While this could be built using the standard SFDC API license, it's a dangerous concept because it means you're letting someone quench your API calls just by typing a few letters in a form. Even though SFDC is comparatively generous (vs. Marketo) w/daily API limits I would very wary of this approach.
Far better would be replicating your SFDC database (for example, using Relational Junction) to another database. Then serve that db up to the world to the tune of billions of hits per day (plus your own rate limiting).
Yes, and you can do it without using the SFDC API. We have done similar things using force.com sites, a Salesforce feature for public web pages / APIs.