I understand, that without server side validation there cannot be secure login, however there should be more or less good way to login Facebook user.
Currently I get facebook user id through Graph API and login user this way:
Player.loginWithKey(userData.globalId, loggedInToFloxSuccess, loggedInToFloxError);
where globalId == facebookUserId + "_facebook".
In my opinion, this is not secure at all. Even if I hash it like this:
SHA1.hash(userData.globalId + "_facebook")
That won't be much harder to hack.
So I would like to hear from you about "secure" login with Flox in that case.