If the application id is publically available, how do you/I prevent someone from scraping the appId and server URL, then initialising their app with my details and calling the web3API from the SDK?
Could a bad actor scrape a bunch of appIds, initialise their app with one of them, max out the web3api requests, then reinitialise the app with another appid and max out those web3api requests and so on? Could be frustrating for a paid user.