by TobiHeidi 5333 days ago
Parse is very insecure because you essentially give the user full read/write/delete access to all of its data, as no logic is run server-side but client-side. That means any script kiddie can change all data as it likes.

That has nothing to do with MongoDB, but with the critical design flaw of Parse to trust the client not to send fake data.

2 comments

My initial intuition is that such an egregious oversight can't possibly be real for a YC11 company, can anyone validate this? Does Parse really provide no way to set document fields writable, readable and so on?
In Parse you can authorize/de-authorize client permission to get, find, update, create, and delete for each table
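The reply above describes per-table permissions for get, find, create, update and delete as the answer to the "trust the client" problem. The following is an added illustration of that idea and not Parse's own code or API: a deny-by-default permission gate that runs on the server in front of the datastore, so a client request that tries to delete or rewrite rows it does not own is refused before it reaches storage. Every name in it (classPermissions, authorize, handleRequest, the sample classes, rows, roles and principals) is an assumption made for the example.

```javascript
// Added example, not Parse's own code: a deny-by-default, server-side
// permission gate of the kind the comment above describes (per-table
// permissions for get/find/create/update/delete). All names here
// (classPermissions, authorize, handleRequest, the sample classes, rows and
// roles) are assumptions for illustration, not Parse SDK identifiers.

const OPERATIONS = ['get', 'find', 'create', 'update', 'delete'];

// Constructed sample policy. Entries name who may perform each operation:
//   '*'      anyone, including unauthenticated callers
//   'user'   any authenticated principal
//   'owner'  the principal recorded in the row's `owner` field
//   other    an explicit role the principal must hold
// Anything not listed is denied, so a client cannot grant itself access.
const classPermissions = {
  Post: {
    get: ['*'],
    find: ['*'],
    create: ['user'],
    update: ['owner'],
    delete: ['owner', 'admin'],
  },
  AuditLog: {
    get: ['admin'],
    find: ['admin'],
    create: ['server'],
    update: [], // nobody may rewrite history
    delete: [],
  },
};

// Constructed sample datastore: className -> objectId -> row.
const store = {
  Post: { p1: { owner: 'alice', title: 'hello' } },
  AuditLog: { a1: { actor: 'alice', action: 'login' } },
};

// Server-side decision: may `principal` ({ id, roles }) perform `op` on
// `className` (and, for row-level operations, `objectId`)? Because this runs
// on the server, a forged client request cannot skip or alter the check.
function authorize(principal, op, className, objectId) {
  if (!OPERATIONS.includes(op)) return false;
  const policy = classPermissions[className];
  if (!policy) return false; // unknown class: deny
  const allowed = policy[op] || [];
  if (allowed.includes('*')) return true;
  if (allowed.includes('user') && principal.id) return true;
  if (allowed.includes('owner') && objectId) {
    const row = (store[className] || {})[objectId];
    if (row && row.owner === principal.id) return true;
  }
  return principal.roles.some((role) => allowed.includes(role));
}

// Request handler as it would sit in front of the datastore. Returns an
// HTTP-like status so callers can see allow vs. deny.
function handleRequest(principal, op, className, objectId, payload) {
  if (!authorize(principal, op, className, objectId)) return { status: 403 };
  const table = store[className];
  switch (op) {
    case 'get':
      return objectId in table ? { status: 200, body: table[objectId] } : { status: 404 };
    case 'find':
      return { status: 200, body: Object.values(table) };
    case 'create': {
      const id = `${className.toLowerCase()}-${Object.keys(table).length + 1}`;
      // The owner is set by the server from the session, never taken from the client payload.
      table[id] = { ...payload, owner: principal.id };
      return { status: 201, body: { objectId: id } };
    }
    case 'update':
      if (!(objectId in table)) return { status: 404 };
      // Merge the payload but keep the stored owner, so a client cannot reassign a row.
      Object.assign(table[objectId], payload, { owner: table[objectId].owner });
      return { status: 200, body: table[objectId] };
    case 'delete':
      if (!(objectId in table)) return { status: 404 };
      delete table[objectId];
      return { status: 204 };
  }
}

// Sample principals (constructed).
const anon = { id: null, roles: [] };
const alice = { id: 'alice', roles: ['user'] };
const mallory = { id: 'mallory', roles: ['user'] };
const admin = { id: 'root', roles: ['admin'] };
```

The point of the design is where the decision is made: the policy lives on the server, the owner field is filled in from the authenticated session rather than from the request body, and an operation or class that is not in the table is refused. A client that sends a forged update or delete for someone else's row gets a 403 no matter what it puts in the payload.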
Yes, that is one way to look at it, but my initial focus was not on the server-side logic but on the persistent store, in this case MongoDB.