I was asked in another post why I don't want to call EntityAPI on clients. My understanding is that I should not call EntityAPI from clients because I suspect that hackers will modify the script and use EntityAPI to cheat, am I wrong? I plan to disable AdminAPI, ServerAPI and EntityAPI when I build for clients.
I am afraid that clients might use their own or someone else's EntityID and use it to modify Objects or participate in matchmaking without permission.
If I argue against this myself, I would say that it is safe to enable EntityAPI if I hide important item names, queue names, and object names by cloudscript. There is a possibility to do it this way.
Please educate me if my understanding is wrong.