I want to know whether my client can abuse EntityID. There are many opportunities for clients to access EntityID. ("PlayFabClientAPI.LoginWithCustomID", "PlayFabMultiplayerAPI.GetMatch", etc.) It is even possible to get someone else's id. Can I allow clients to do this? I know that "PlayFabEconomyAPI.AddInventoryItems" for example is not allowed to be called by the client, but are there any other functions I should be aware of? Or should all of the above functions be executed in a cloud script?