I use firebase authentication to let users verify by email when they want to sign up. When I tested it, I found that my firebase url, api key and some codes(?) were exposed to the link in verify email.
Is this okay with database security or am I missing something?
You can edit (some of) your email templates in firebase console:
No it is a shame.
Firebase maintain that if you have your secure rules setup correctly, then the display of your project name should not be an issue. Folks who do not set secure rules are given enough warnings about this.
