I've noticed that there don't seem to be any security measures to prevent someone from using my TitleID without my application. I know there is an API secret key, but I don't see it integrated anywhere, nothing in Unity references it, and I certainly hope it's not retrieved from a login call as the login call only needs the TitleID.
A 4 character TitleID on it's own seem quite unsafe, not to mention that the only way I've found to use that TitleID is by hardcoding it. And we all know that is not safe. My overall concern here is that the PlayFab system seems incredibly unsafe and easily accessible by even the most novice hackers.
For clairity, I'm using PlayFab for Unity via the Unity Package.