Getting data with wrong anon key

import { createClient, SupabaseClient } from "jsr:@supabase/supabase-js";
import { Database } from "./database.types.ts";


const url = "http://127.0.0.1:54321"; // Local supabase instance
const key = "wrong-anon-key";

const client = createClient<SupabaseClient<Database, "public">>(url, key);

const { error: signInError } = await client.auth.signInWithPassword({
    email: "bugs-bunny@gmail.com",
    password: "password"
});

if (signInError) {
    console.error(signInError);
    Deno.exit();
}

const { data, error } = await client.from("student").select("*");

if (error) {
    console.error(error);
    Deno.exit();
}

// This returns data.  ????
console.log(data);

alter policy "Enable read access for authenticated users only"
on "public"."student"
to authenticated
using (
  true
);