by frenchtoast8 3 days ago
So the big bad "significant security vulnerability" Adafruit just had to let everyone know is a public Firebase API Key without realizing these are more often than not intended to be public and didn't bother taking 10 seconds to Google it. They also claim Flux's "6.4 million projects" number is "substantially inflated" when the only thing they know is that the number hasn't changed in a few months. Maybe it's true they haven't updated it because it has shrunk, but where is the evidence it is "substantially" wrong? Adafruit points to the number's static HTML as the smoking gun that it is knowingly falsified without understanding the site uses Next.js and server-side rendering.

Obviously sending a cease and desist letter about making a dumb security vulnerability disclosure is wrong, and their counsel is stupid for making CFAA claims about this. At the same time, Adafruit can't clutch their pearls about an ignorant lawyer when they are also guilty of being ignorant here.

Both sides are jerks here, which seems to be typical of the stupid spats ptorrone starts with others online, threatening Adafruit's good reputation for the benefit of their ego.