Anyone that can access your website can access your socket server for events. I don’t know how or if Wappler has any sort of authentication for this, or if the events themselves contain sensitive data or just tell stuff like “reload this server connect called sc_chat”
Also, CORS doesn’t prevent someone from sneaking in your events, it only prevents another website from connecting to your website events