Saying Google provides examples of being rather nice about it.

Firebase ACLs are a constant source of vulnerabilities largely because they are confusing and don't have enough documentation around them.