I’m bit worried about the uid. It is used to calculate the billing at the end of the month but it’s an information exposed client side and seems there isn’t any relation between token (obtained by oauth) and the uid of a single BeeEditorInstance.
If a malevolent user that use my application that implements beeplugin, simply put a breakpoint in js execution in his browser, reads the token object then he can easly create like a thousands of instances of BeeEditor with random uids increasing my monthly bill by infinite amount!
What’s suppose to be the protection against these malevolent behaviors?
I came at this conclusion because i simply create 2 dummy applications and tried to load 2 editor instances with different uid but with the same token.