So I've started work the CloudScript, it's awesome being able to avoid recompiling my game constantly to make a change. However, I am concerned of the security of using the CloudScript. Mainly, the fact that we can not specify certain CloudScript functions as server-callable only. I plan to use this to update player items and currencies after missions, but the idea that a client could call onto this function scares me. I am building in checks and balances so we don't get faked data, but that only helps so much. I'm hoping that this is an oversight on my part, maybe the context parameter could provide the API the call originated from?
And, as always, thanks for your time!