In addition to issue #10 and as evident from this report there are two security issues with the current Firebase Database Rules:

1. Attackers can obtain Admin privileges and manipulate users' data by arbitrarily write to /admins and /users.
2. Anyone can read /products. I'm not sure it's an issue.