I have a very simple JavaScript-based Firebase app where each user gets a single document in Firestore that they can read from. As the Firebase API credentials are easily accessible in the client code, what stops a user from writing a quick JavaScript program that, e.g., logs them in and reads this document millions and millions of times to exhaust my read quota?

The document here is used to check if the user has paid to use the app, so I'm worried someone could lock out all the other paying users.