Firebase Authentication is not secure?

The Firebase authentication file is visible inside the apk file.
I decided to open my application in Winrar and in the assets folder I noticed that it contained the google-services.json file with all the Firebase credentials. The question is, to what extent would that be a problem? Even if you have all the rules defined in Firebase, whoever opens the apk will have my credentials.
I searched the community about this, but I didn’t find anything related.(maybe because my English is not so good)

Anyone help me with this question?

Read this question.