Currently the article does not mention that databases are publicly accessible by default and how to change this.

To restrict each database to one user the following commands can be used:

BEGIN;

-- by default, everybody can connect

REVOKE CONNECT ON DATABASE "dbname" FROM PUBLIC;

-- now you have to grant access to the legitimate users specifically

GRANT CONNECT ON DATABASE "dbname" TO "username";

COMMIT;

Also should mention the default public accessibility in https://docs.digitalocean.com/products/databases/postgresql/how-to/manage-users-and-databases/