Our databases and code (including passwords) are completely hidden so no developer console could access it. The DDOS attack did not expose any details and we plan to implement password hashing some day.
Nobody except you will know your password, we have 2 factor verification for extra security available in your account settings. We will NOT ASK FOR YOUR PASSWORD.
We are constantly trying to improve security, feel free to sign up today!
We will need to log IP addresses somehow, regardless of wether they use a VPN. And we plan to move to a new domain soon.
As for your last point, regular people may wish to dive into development with a sense of how popular code-sharing sites like github work. It really is for experience! But we understand your criticism fully and we will never force you to join in any way.
You could set up a glitch reverse proxy(like the one i made) as a secondary glitch project and whenever that project gets a request it forwards it to the actual project but then logs the ip, rate limits, and all the other security stuff.
By the way I see this “Project pt-gogs suspended: Unknown”
Also another thing. If u don’t want the first person to get admin, make a copy of the database when the proper admins have been chosen and restore the database to that point when the database breaks.