Created a demo to show how to workaround secure rules access to Firebase once you have authenticated a user, using the web component and Firebase REST api.
How to have Secure Rules on Firebase, and allow Auth Users to Read/Write
Note: there is also an extension (paid) by Carlos Pedroza that resolves this issue, working in conjunction with the Firebase Authentication extension by Mrixtrem, I have tested this on a similar setup, and it works fine, but some strong rules are required in firebase. However, although it is more “blocky” I actually prefer my solution, more options, more control.
EDIT: now includes taglist and dataChanged events