This function is viewable in the browser. I’m worried someone could somehow access the folder and manipulate the db. Can I keep this open in the frontend or do I need to secure it in the backend?