JavaScript Security

  1. Viewer Compatibility
  2. JavaScript

JavaScript runs on the client. This means that the client has full control over what the scripts do: it can completely turn off your web page's ability to run scripts, or it can selectively turn off certain features (such as the ability to pop up new windows or set cookies).

It also means that the client can rewrite your JavaScript. Never use JavaScript to verify or create data that you then trust on the server. You can use JavaScript to verify and create data to assist the viewer, but you must always verify on the server, or by hand, any data the client sends you. You cannot trust JavaScript to give you valid data.
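A worked example of this rule, added here and not taken from the original page: the same field check can run in the browser for the viewer's convenience, but the server parses the raw request body itself, re-runs the check, and recomputes the order total from its own price list, ignoring any total the client script "created". The function names, the `CATALOG` price list and the sample request bodies are assumptions constructed for the example.

```javascript
// Added example (not from the original page). Names such as
// validateOrderFields, serverProcessOrder and CATALOG are assumptions.

// Server-side price list: the only source of truth for prices (in cents).
const CATALOG = { widget: 250, gadget: 1000 };

// Shared rule: usable in the browser for instant feedback, but the server
// must call it itself rather than trusting that the client script did.
function validateOrderFields(order) {
  if (typeof order !== "object" || order === null) return ["body is not an object"];
  const errors = [];
  if (!Object.prototype.hasOwnProperty.call(CATALOG, order.sku)) errors.push("unknown sku");
  if (!Number.isInteger(order.qty) || order.qty < 1 || order.qty > 100) errors.push("qty must be an integer 1..100");
  if (typeof order.email !== "string" || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(order.email)) errors.push("invalid email");
  return errors;
}

// Server side: parse the raw body, re-validate, and recompute any value the
// client could have produced (here the total). A client-supplied "total"
// field is never read.
function serverProcessOrder(rawBody) {
  let order;
  try {
    order = JSON.parse(rawBody);
  } catch (e) {
    return { ok: false, errors: ["malformed JSON"] };
  }
  const errors = validateOrderFields(order);
  if (errors.length > 0) return { ok: false, errors };
  const totalCents = CATALOG[order.sku] * order.qty; // from server data only
  return { ok: true, sku: order.sku, qty: order.qty, totalCents };
}

// Constructed sample bodies. The first is what the browser script would send.
// The others are what a client that rewrote or disabled the script might send:
// a negative quantity, and a made-up total that the server must not honour.
const honestBody = JSON.stringify({ sku: "widget", qty: 3, email: "a@example.com", total: 750 });
const negativeQtyBody = JSON.stringify({ sku: "widget", qty: -3, email: "a@example.com", total: 1 });
const fakeTotalBody = JSON.stringify({ sku: "gadget", qty: 2, email: "a@example.com", total: 1 });

console.log(serverProcessOrder(honestBody));      // ok, totalCents 750
console.log(serverProcessOrder(negativeQtyBody)); // rejected: qty error
console.log(serverProcessOrder(fakeTotalBody));   // ok, totalCents 2000 (client's 1 ignored)
```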