[dghlsakjg]

Secure by default? No such thing by virtue of the fact that security is case dependent.

That said, all of the full fat frameworks make it pretty easy to define what should and shouldn't be visible to what users, the use case that he has would not have been harder to do using rails, phoenix, django, etc as a backend, and it would have been very easy to control the failures that he had.

[jjani]

It doesn't have to be full fat, it can be literally anything as long as it provides a backend layer inbetween the DB and the FE. It can be a single Typescript file that uses literally whatever the LLM defaults to, probably Express given its training materials, or Hono for something more modern, or any of the 1000 other options.