This is awesome concept IMO, however you have everyone's data exposed by having supabase project ref and apikeys available here. As well as schema names, so with that info anyone is able to get all data stored. For example, here are id's of all id's of entries that are currently stored in simpleDB:
[ { "id": "58089ea6-9ba9-4168-beaf-763760f9d01a" }, { "id": "d44a9a26-a943-4336-aac3-041020d360fa" }, { "id": "3de776c7-ad74-43f8-a888-03857dcf4fb2" }, { "id": "1f57d057-857f-4440-a738-88337d767e05" }, { "id": "32dfe57b-5392-4cfc-bcd3-ce7c929835c8" }, { "id": "0205e51c-b152-4173-904b-69db4009b334" }, { "id": "ff7a8a29-7278-46ff-871e-55ea87173ca4" }, { "id": "030738b1-3b18-4f34-bbe5-10ab13311a47" }, { "id": "f27711b9-c861-438b-a4b8-79a0ac75e22c" } ]
I didn't test other methods, but I think they would be fair game as well.
First thing that comes to mind is for you to use different supabase project with keys/project ref names that are not in public repo. And perhaps using non 'public' schema.