I didn't dig deep into the docs - just played with the demos - but if all data is exposed as 'just' a URL - what implications are there for security? Can someone mod the JS to grab someone else's data associated with my app? They probably have answers for this, but it wasn't apparent in the demos I looked at.
Hey. Yeah, we have an ACL system for specifying who can read/write data at each location. So you can lock down your application data to keep it secure. The API for this is still in flux though, so it's not documented. Coming soon though! :-)