The auth token is meant to prevent rogue browser extensions from stealing or deleting user data, however it’s not secure enough to expose the server to internet.
