I am using the accounts-ui package, and after a successful login, I can go to the console and use Meteor.users.find().fetch() and it shows a lost of objects.
The question is, if I deploy this ap, can I still be able to use that command in the console? And If I can, then the whole of Meteor Community can check it out, and hence a security issue.
I will use Subscribe and Publish, so will that restrict the amount of datato only the user who is logged in?