Tell HN: Google AI Studio docs encourage Google-discoverable open wallets

Google AI Studio documentation encourages developers to deploy vibecoded apps, claiming the API key is secure because it is protected by a proxy - however, there are no checks on the open proxy the deployed app exposes, which allows anyone to use the developer's wallet for arbitrary queries. Vulnerable live endpoints are discoverable by a single google search for us-west1.run.app . The proxy processes Gemini requests even if the deployed website has no AI features itself. Not even a documentation update 2.5 months after reporting.