That is the second option it gives me, indeed.
It can not deploy because sign-in is a subscription feature.
That's why I'm asking if private use deployment is per default open/unsafe.

Let me put it this way:
Personal apps is afaik undocumented, and it's on a blank spot inside the plans.

You ignore the warnings and go ahead IF you made sure to configure it as Personal use only.
You can use it with a max of 3 different users, I do it all the time with my family apps

It will just be me, maybe an older family member if I can even get them to use it.

I'm just worried that if I push it through without sign-in requirement that it ends up on some random board for all to jump in and diddle my data. I don't wanna wake up one morning and find out some rando has trashed my 30.000 item catalog. 😅

No, your data doesn't get posted to a board somewhere. 🙂

As I understand it, by the very nature of mobile apps, the owner of the device running an app (any app, not just an AppSheet app) can bypass the app itself to access the data the app has stored on the device. If your app is "public", the app cannot use AppSheet features to limit the data sent to and stored on the device (e.g., security filters); consequently, all of your app's data is downloaded to the device and thereby theoretically available to a savvy device owner.

Hmm, I think I'm misinterpreting what deploying does.

So hypothetically, say I deploy my private use app and simply turn off that sign-in requirement so it can be deployed for free, and someone were to gain access to this apps URL somehow (leaked or guessed), will they then have full reign to mess with the spreadsheet data on >my< google drive wherever the app allows it? Or will it just pull a copy of the app and start its own new spreadsheet on >their< google drive?

I honestly don't mind people seeing what Ive made, I just don't want them to run buckshot through it 'for the luls'. 😅

At no point and by no means will users of your app gain direct access to the data sources the app uses; the most they get access to is a copy of the data sent to the app. The only ability to affect change to the data source is through the methods provided by the app.

Thats what im saying. If I have a list of items already filled out on my sheet, and somebody gets hold of the app and starts rampaging with the enter/edit/delete features, they DO get access to the data. So unless I keep it prototyped, it will have a potential hazard of somebody doing that?

Other users can use a prototype app, too, so keeping it a prototype isn't a defense.

That is an unfortunate risk.. I don't suppose I could impose a preface that requires a PIN number to go away? I know it would be unencrypted and still a risk, but its still better than just leaving it as is..

If that's not an option, I guess its back to just raw editing my spreadsheet, away from wayward fingers.

KIS. Put the Require sign in and Personal use only and Deploy it to enjoy automation.
Simple. I do it all the time

How do I check what supposed publisher licenses are on my project (since there shouldn't be any)?

And how easy/likely would it be for a stranger to get/find the URL?

As you can see above, it seems to literally have me sign a waiver about my data being public. What happens when I publish, exactly? Does it get posted up on a board for all to jump in and diddle?