In order to connect to a Live Query server, all I need is a appID that easy to extract if i use in web, so i open a thousand of connection to the that server and never close, is that make server overload or i missing something? I think about change my project from using firebase to parse, i just worry about some aspect of parse because my application contain some sensitive information.
See this conversation; issue #1504 on Parse Server.
My takeaway from this is that the only real option is to implement a sophisticated DNS & request limiting.
I suspect that without custom integration Firebase could be just as susceptible to a DDOS attack. However, this does not mean that any sensitive information you are storing is vulnerable as long as you use roles, ACLs and CLPs appropriately.