Hacker News
by chii 1220 days ago
Accidental code execution vuln might not be the only issue though. How do you know that state which is being checked and verified on server is not bypassed if the application is written without client/server divide? How do you know the data isn't being passed back to the client which should've always stayed on the server?
1 comment

There is a client/server divide as you can see in the code examples. But I think the issue you're describing is a permissions problem, not a question of whether the compiler manages the network for you. There are traditional client/server apps with wide open permissions that allow all kinds of queries to pass through to a prod DB. Then again there are others that are heavily permissioned. Those are implementation details. If you _can_ control which code can run then you can write that code to _only_ run with certain constraints.