When we build a site or app, we should try to make it as secure as we can. We can never say that the site or app we wrote is 100% secure.
The rule I have for myself in site or app programming is that whatever code I write I think someone is going to misuse this code and hack or infiltrate our site or app. This means that I do not trust any information sent from the site to the user and I am completely pessimistic about all the information coming to the server. Because if we follow this rule, the security of the site or app we write will always be high, and we will have fewer bugs and bugs and the projects we deliver will not be compromised or exploited.
Well, never forget to be always pessimistic of any information that is sent to your site, and always think that this information was sent to hack or circumvent your site.