Firebase is a popular serverless application platform with a fundamental fail-open flaw. In 2021, I created a tool for exploiting that flaw, which I still use today. In this talk, I'll showcase the kinds of vulnerabilities I commonly find in Firebase applications, explain why these vulnerabilities persist, and discuss how developers should approach secure Firebase development.