I can’t fully agree on this, because the whole point of the app is to authenticate anyone and I do not consider it “dangerous”, this is just how the app works. We can say the same about traditional login-password authentication - anyone with a valid e-mail can authenticate. We understand, that if you need to restrict access somehow, additional steps have to be taken.
Of course, there may be times when you want to restrict access to a list of users (using invites, maybe), but I do not really think that readers need some additional explanation that with the current setup everyone can authenticate. Still, your concern is understandable and thank you for the feedback. I hope you find another piece of the article acceptable 