Since RPC_API_KEY set by default in docker-compose.yml file, if an unauthorized person knows IP of the node, he/she can easily modify tiles via that pre-defined key on file. I suggest to pass command or run bash script to generate random RPC_API_KEY(and output that key in plain text file inside project's root path, it can be done by mounting a docker volume of root folder to save changes as you have already done with data folder I guess) or ask it from user input.
Since RPC_API_KEY set by default in docker-compose.yml file, if an unauthorized person knows IP of the node, he/she can easily modify tiles via that pre-defined key on file. I suggest to pass command or run bash script to generate random RPC_API_KEY(and output that key in plain text file inside project's root path, it can be done by mounting a docker volume of root folder to save changes as you have already done with data folder I guess) or ask it from user input.