by radicalbyte 564 days ago
> It's not just a naming convention, it's part of the build/compilation step that will not bundle anything not specifically prefixed for the client, and is safe by default.

Yeah no, it isn't safe-by-default. I caught a frontend team shipping keys in the frontend code. Cause? Typo and using default templates which built-on-deploy.

1 comment

Can you share a clear example? This still seems like a contrived complaint. How did someone fat finger typing that specific naming requirement prefix? Or how is leaking a value into a template like that not similarly a risk in Python or a Go backend that renders stuff on the server (like all the HTMX hype). It feels like you're saying that a fat client side SPA is the only answer to anything.