The problem with Elastic is that their security features are not in the open core and so people tend to skip on that by not even rolling their own IP whitelisting/authentication with a reverse proxy. This results in a huge information leak ending up in the news every few months and you having to explain to your sysadmins and IT that no, Elasticsearch is not insecure as a product, it's just how those people at SoLoMo PwnMeNow Inc. used it.