Quote Originally Posted by Johnaudi View Post
How could Kent fix this? Several ways, one of the common ways is to double-check the JS file's hash before posting it on the server; another would check the hash of the whole program to prevent its tampering.
That was actually done a few upgrades ago (6.12), I just didn't announce it. The EXE now validates its own digital signature. That will fail if any modification has been made, including the embedded JS client code, and the program will shut down. But code running on the hacker's own hardware can always be hacked and patched, such that those protections are stripped out. So there are no guarantees.