The Vibe Coder's Pre-Launch Security Checklist: 25 Checks for Cursor, Lovable, Bolt & Replit Apps I scanned 62 Lovable apps in early 2026. 63% had critical or high severity vulnerabilities. The average app had 10 findings. These weren't obscure edge-case bugs. They were the same mistakes, over and over: exposed API keys, disabled row-level security, missing authentication on routes, no rate limiting on login endpoints. The apps looked great. They worked perfectly. They were completely open to an