[mopierotti]

The first point is actually something that game developers have failed to do in many cases. For example if they want client syncing to require transferring very little data, they may only send player inputs across the wire, meaning that each client needs to know everything, even if the final decision about game state is made by a server.

[rjvbk]

Yeah, the same many developers haven't escaped strings they inserted into SQL tables, leading to SQL injections. Does this mean if I don't do that I have a right to brag about it? If I wrote a post saying "look at me, I escape strings" the response here would be "cool story bro". This isn't any different.