If people seeing your frontend code is a security risk, I've got some bad news for you...

See the source code and interacting with it running is different.

every system has an attack surface. If you make yours easier for any person to use "alternative" paths, I also got some bad news for you.

the implicit argument you're making here is that the only acceptable security risk mitigation strategy is one that works 100% of the time