Avikalp Gupta
Jun 3, 2022


To the readers:
The good folks on Reddit pointed out something to me which I missed. If you have read this article, please also go through this response by RedGlow82:

This article really seems to miss the point.

Code that runs in your browser is under your control, and that's ok. The problem is if _someone else_ can access that code (another website, XSS attacks and the like).

If there are backend services, the backend services are the ones who must check the input they receive, and this is a tenet of client/server security since... forever.

I mean, it's an interesting article because it gives us useful info to better debug and explore code. But anyone who bases their security model on the client JavaScript code has already lost the battle.

Written by Avikalp Gupta

I'm a 'Tech Generalist', working on building tech-startups for UN's SDGs 2030 in India. I mentor CS students at Alokit.in. I did my B.Tech from CSE, IIT Kanpur.
