the client side can be as fast or faster than the ‘server’ side.
That’s not the case on a lot of JS-heavy sites, though. A lot of logic runs on the main thread, which slows things down. The only way to run things off the main thread is by using web workers, but that adds extra serialization/deserialization overhead.
That also has the potential to create securiity concerns at both ends
Generally, the more logic you have on the client-side, the more likely you are to have security issues relating to untrusted input or behaviour. The client is a completely untrusted environment (since a user can do whatever they want with your JS code), and increasing the amount of logic on the client side increases your attack surface there. Any code on the server-side can be trusted, since you wrote it and users can’t modify its behaviour.
That’s not the case on a lot of JS-heavy sites, though. A lot of logic runs on the main thread, which slows things down. The only way to run things off the main thread is by using web workers, but that adds extra serialization/deserialization overhead.
Generally, the more logic you have on the client-side, the more likely you are to have security issues relating to untrusted input or behaviour. The client is a completely untrusted environment (since a user can do whatever they want with your JS code), and increasing the amount of logic on the client side increases your attack surface there. Any code on the server-side can be trusted, since you wrote it and users can’t modify its behaviour.