Grabbing API Keys from code hosted publicly shouldn't be an issue. Your rules should guard your databases (Firestore, Firestorage), CORS should guard Auth and Functions.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Grabbing API Keys from code hosted publicly shouldn't be an issue. Your rules should guard your databases (Firestore, Firestorage), CORS should guard Auth and Functions.