Meteor's source code open to the clients?

Question

From a general glimpse of it, it seems that source code for Meteor app is open to the clients due to 'Write one Javascript file, run it on client and server at once' theme.

If server side source code of particular app open to client sides, wouldn't it be easy for random person to copy them and create very look alike app?

Wouldn't it be easy for person with evil purpose to find security holes in the app, because its server side code is open to the public?

For instance, in Meteor 0.5.0 's new example of parties app, model.js file seems to be sent to the client side as well.

Am I misunderstanding something here?

Edit

Here is the part that I do not understand.

According to http://docs.meteor.com/#structuringyourapp,

Files outside the client and server subdirectories are loaded on both the client and the server! That's the place for model definitions and other functions

I really do not understand it. If every model implementation, (including DB interaction) is sent to client, wouldn't app be less secure and easily copied by other developers?

Answer 1

Any code in the server/ folder will not get sent to the client (see http://docs.meteor.com/#structuringyourapp)

EDIT

Regarding the second part:

Any code not in client/ or server/ is code you want to run both client and server side. So obviously it must be sent to the client.

The reason that you would place model code in there is because of latency compensation. If you want to make updates to your data, it's best to do it immediately client-side and then run the same code server side to 'commit' it for real. There are many examples where this would make sense.

If there is 'secret' model code that you don't want to run client side, you can certainly have a second server/models.js file.