Comment by jahewson
Sadly true, but Firestore has a security rules emulator and encourages you to write unit tests for it! There's just so many levels of "ignored all reasonable practices" here. Where's the code review? Where's the security/privacy audit?