Your security rules are defined as public, so anyone can steal, modify or delete data in your database code example

Example: how to set read and write rules for public access firebase

// No Security{ “rules”: { “.read”: true, “.write”: true }}