When a dart app is compiled to javascript, how does one prevent users from injecting their own javascript and modifying databases in ways you would not want them to? How do we prevent users from reading the connection information?

(Sorry if this is a bad place to pose this question)

You would use this serverside, not clientside. (Dart is a language both for browsers and servers)