While reading the Kan.so docs (http://kan.so/docs/The_users_database), I saw that the users database, which includes username and password, is publicly accessible for everyone. Couldn't an attacker use this to create a list of all username-password pairs? Wouldn't it be more secure to use a server-side function which validates the password without giving the users db directly to everyone? Or am I just too paranoid?
Regards
