But doesn’t removing insecure force the use of methods and stop client-side updates? In which case why do you need the deny too?
e.g. the tutorial docs say:
Every newly created Meteor project has the insecure package added by default. This is the package that allows us to edit the database from the client. It’s useful when prototyping, but now we are taking off the training wheels. To remove this package, go to your app directory and run:
meteor remove insecure
If you try to use the app after removing this package, you will notice that none of the inputs or buttons work anymore. This is because all client-side database permissions have been revoked. Now we need to rewrite some parts of our app to use methods.
Hopefully eventually we can just remove allow and deny altogether into a separate package, so that you can just meteor remove allow-deny. Then it will be a lot less confusing.