Leaking the user's own auth 'User UID' is no secur...
# off-topic
d
Leaking the user's own auth 'User UID' is no security risk, right?
g
If you are using auth and have RLS with policies that use auth.uid() where needed, then no. It is visible in local storage.
d
Got it, so it's about restricting the user's access to the DB. I was worried that the uid works similarly to a session ID. Do you know if there is an article about best/secure practices when it comes to auth/RLS? I just clicked through the documentation and I can't find anything like that. Some policy templates use auth.uid() and others auth.email(). I was wondering if there's a reason behind that.