Can you share a clear example? This still seems like a contrived complaint. How did someone fat-finger typing that specific naming requirement prefix?
Or how is leaking a value into a template like that not similarly a risk in Python or a Go backend that renders stuff on the server (like all the HTMX hype)? It feels like you're saying that a fat client-side SPA is the only answer to anything.