I could see a real version that sends the inputs to the backend where some analysis is done, but right now an adversary can just run the onVerify callback as "bypass".