Ok, I'm sure this address places, but if I can access the db api on the client... what's preventing someone on the client from screwing with my database? getting around read/write permissions and such.
Wide open DB access is for rapid development. In production, which meteor is totally not ready for yet, you'd restrict the db, have proper auth(which isn't built into meteor yet), and call restful methods from the client that have both client side and server side validations.
Sorry, but that's an oxymoron if I ever heard one.
The downvoter would do well in reading about the Uniform Interface constraint of REST. Meteor methods are application specific and therefore the architecture is RPC, not RESTful.
so, it's no where near done yet then? cause this is in the FAQ:
Nonetheless, if we were starting a new project today, we would use Meteor. It's open source, so you can decide for yourself if it's finished enough to be useful to you.
Yeah thats funny, I don't think they'd really recommend putting a meteor app into production. Auth is still in it's own branch https://github.com/meteor/meteor/tree/auth and meteor's version is "preview 0.3.8". Plus you can't yet do things like respond to restful requests.