App Connect variables security

Short question: Can app connect variables be manipulated from the frontend?

Would it be safe i.e. to store a server side generated value in a connect app variable for use in another server connect form or can frontend users manipulate the value in some way?

Everything client-side can be manipulated by the visitor so you should always check things server-side before processing anything important.