I'm just curious that is the current Stripe payment secure at the moment? Let me put my thoughts.
By simply looking at the code implementation, we set the $amount and feed into a function called processStripePayment. And it seems to be a RPC call. This is not secure because anyone can manipulate in the client app side to change that value? Please also see this article Where to store relevant data for similar thoughts.
I hope I'm wrong, but if I'm correct. What would be the solutions then? Do we need to use Firebase & Stripe Extensions to install the Cloud Functions?