It’s still a mess and any suggestions to fix it are met with hostility which is a shame because I’d love to use it. Last I checked there were still endpoints not behind auth that exposed stuff you’d probably not want exposed.