I’m a DevOps engineer by trade, and do a lot of work with network security. “Never trust anything on the other side of a connection” is fine and all as a rule of thumb, but real solutions have more nuance than that. What is “trust”? Should I just never connect to anything? Obviously we have to, so we’re already assuming some level of “trust”. There are always degrees of trust, and a peer to peer game server is a higher degree than browsing a site hosted by a server, is what I think the developer meant.

Now, I agree with you, this shouldn’t be some full substitute for proper network security or whatever, but I don’t think they’ve given any indication that’s the case. I can also speak from experience that certain choices in tooling are thrust upon dev teams at times, for cost or “political” reasons. It’s also fully possible it’s just a bad call from a techie who worked on a prior project with it or something.