I have a question about the Dashboard - is it safe and meant to be deployed in a production? I'm currently using a self-hosted instance, and what sparked this question for me is that self-hosted doesn't require sending the

api-key

header, thus allowing anyone who has access to the supertokens instance to create a new user/change password etc. My assumption is that supertokens instance should not be exposed to the world, and communicated only with via backend. Is that correct?