1. SECURITY: ICE/TURN Server Credentials Exposed via Unauthenticated API Endpoint
A critical security vulnerability allows any unauthenticated client to retrieve the credentials for a TURN server directly from a public API endpoint. The `/api/voice/ice` endpoint returns the username and password for the TURN (Traversal Using Relays around NAT) server without requiring any form of authentication. Thi...