My client and server share the same game-logic script, which uses serverAPI functionality. Obviously, the client version does not run any serverAPI functions, however, if the client version still has server credentials, a bad actor could alter the script to run serverAPI functions. So my question is:
1. Does building the game as a client (I assume in Unity not ticking the "is server box" in build settings builds it as a client) remove and serverAPI credentials which can be exploited?
2. If not what do I need to do to remove this issue.
I couldn't find any questions or mention of this in the documentation, so seems like there should be an easy answer although this seems rather important?
Thanks.