User opens our web application page and Marketo script is loaded;
What Marketo script?
From Marketo API a REST response is sent. We want this rest response in Front End to also contain the status of the user – subscribed or not.
This is no place for the REST API. All you'll be doing is creating a DoS vulnerability against all your API-based integrations (as well as this one). The REST API is not to be used in response to individual, ungoverned end-user activities.
What you need is a Pre-Fill solution. The Pre-Fill response (including the Unsubscribed field or whatever custom field you're using) need not be used to fill a form. It can be used to do anything else in your web app.