I am not a mobile app developer but recently studying Cordova/PhoneGap for fun. I just studied FireBase and it was really awesome because it can do lots things without running my own server such as user auth/management, DB, file storage etc.

But I am just wondering about the right structure in regards of security. Because we only can use html/javascript/css in Cordova, I am not sure about the right structure to implement. Hackers can always change js codes so hiding contents is not possible.

For example, if a user has to purchase coins to watch a video. How can we secualy manage this using cordova and firebase?