With Firebase Realtime Database, your Database rules is your server side security. You need to be very careful and aware of who has access to your database. It is important that no one gains access to your data that shouldn't.
By default, the Firebase Realtime Database rules allow any authenticated user to read and write all the data, this is probably not what you want your app to do.
Take a look at the below examples for different scenarios.