Hey Don, thanks a lot for going through the article and providing your inputs. I genuinely appreciate it.

While I agree with what you are saying, it seems to be analogous to: anyone can write their own script to interact with the same backend endpoints as your script.

I agree with this, but if you look at the minified versions of any of the client-side code, you might find it harder to really decode the whole logic and then design a malicious script to attack; compared to just identifying a variable in the source script.

Hence, the solutions mentioned in this article, like all the solutions to security issues, only make it harder to attack your system.

Please let me know if I am missing anything (or if I am not making any sense at all).