Last October I reported an exposed Algolia admin API key on vuejs.org. The key had full permissions: addObject, deleteObject, deleteIndex, editSettings, the works. Vue acknowledged it, added me to their Security Hall of Fame, and rotated the key. That should have been the end of it. But it got me thinking: if Vue.js had this problem, how many other DocSearch sites do too? Turns out, a lot. How Algolia DocSearch works Algolia's DocSearch is a free search service for open source docs. They crawl y...