Hi I'm wondering if it's safe to leave the Users collection readable by authenticated users. Are there any significant security risks in doing this?
Is it really worth the effort to implement a separate public and private user collection, leaving the original Users collection (the private one) restricted to read/write/delete/create only for the document owner?
I'd appreciate any advice on the best approach!