Security mechanisms in Meteor.js
There has been a lot of controversy around the security in Meteor. Database everywhere does not scream security. We are using the same API for the client- and server-side code, and it does not take a genius to tell that we can also delete collections. After playing around for a while with the JavaScript console, we could easily delete all the Users in our previous example. You can always roll your own implementation for the security; for example, you can override the default server method handlers, making the Users and Images collections accessible from the client:
Meteor.startup(function () {
  var collection = ['Users', 'Images'];
  var redefine = ['insert', 'update', 'remove'];
  for (var i = 0; i < collection.length; ...
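The handler-override idea described above, as an added example that is not the book's code: a stand-alone model of a server method table keyed `/<collection>/<operation>`, the naming Meteor uses for collection mutation methods. `makeServer`, `lockDown` and `call` are hypothetical names, and the table and data are constructed here so the block runs without Meteor.

```javascript
// Added example: a stand-alone model, not Meteor's implementation.
// makeServer, lockDown and call are hypothetical names.

// Constructed method table holding the default, unrestricted mutation
// handlers that a client can invoke by name.
function makeServer(collections) {
  const store = {};
  const methodHandlers = {};
  for (const name of collections) {
    store[name] = [];
    methodHandlers['/' + name + '/insert'] = (doc) => store[name].push(doc);
    methodHandlers['/' + name + '/update'] = (i, doc) => { store[name][i] = doc; return 1; };
    methodHandlers['/' + name + '/remove'] = () => store[name].splice(0).length;
  }
  return { store, methodHandlers };
}

// Replace the client-callable handlers of the listed collections with one
// that always refuses. Server code that uses `store` directly is unaffected.
function lockDown(server, collections, operations) {
  const replaced = [];
  for (const name of collections) {
    for (const op of operations) {
      const method = '/' + name + '/' + op;
      if (!(method in server.methodHandlers)) continue; // nothing to override
      server.methodHandlers[method] = () => {
        const err = new Error('Access denied: ' + method);
        err.code = 403;
        throw err;
      };
      replaced.push(method);
    }
  }
  return replaced;
}

// What a client request amounts to: look the method up by name and run it.
function call(server, method, ...args) {
  const handler = server.methodHandlers[method];
  if (!handler) throw new Error('Method not found: ' + method);
  return handler(...args);
}

// Constructed scenario: three collections exist, only two are locked down.
const server = makeServer(['Users', 'Images', 'Comments']);
server.store.Users.push({ name: 'alice' });
const replaced = lockDown(server, ['Users', 'Images'], ['insert', 'update', 'remove']);
console.log(replaced.length, 'handlers replaced');
```

The unlisted `Comments` collection stays writable from the client, so a list-based override like this has to be extended every time a collection is added.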