Yes.
A clever enough user can edit the client-side code to do whatever they like.
Server modules, by contrast, cannot be edited by the user.
This is all taken from the docs related to Anvil’s security model here.
1 Like