The Storage API permissions model for handling public/private file access is not intuitive and requires trial-and-error to configure correctly for common use cases.