its pretty secure, you can't read client set attrs on serverside
example:
PHP Code:
function onCreated() {
this.attr[2] = "test";
echo(this.attr[2]);
}
example2
PHP Code:
function onActionServerSide(temp.cmd) {
switch(temp.cmd) {
case "testEcho";
echo(this.attr[3]); //wont echo anything
break;
}
}
//#CLIENTSIDE
function onCreated() {
this.attr[3] = "test";
triggerserver("gui", this.name, "testEcho");
}
However you can read server set Attrs on Client