@mlwelles We’ve left this open-ended so far because we’ve found most users have fairly specific requirements from their organisation about how things need to be secured. Since a lot of users have to plug in their own authentication anyway, we wanted to make sure we didn’t have anything in place that might take effort to undo.
Your models definitely shouldn’t be “open for the entire world to train”, though! Prodigy is a developer tool, so the normal usage is either the developer working themselves, or other people on the local network. I agree that a built-in solution for basic authentication would be a good addition.