Example : Consider I have an navbar and that navbar as a button which should be available to use only when the user is authenticated. Now, here I can use dmx-show or dmx-hide dynamic attributes based on the server connect of the authenticated user details. But I don’t seem to find them very secure since they are hidden using the css properties, which are easily editable.
So, is there any other way to literally hide a content from even appearing in the code ?
Use conditional region instead, its content won’t be rendered in the browser when the condition is false:
Contents of the menu can be populated via server connect which will check on the server side access for relevant users’ access. This is the most secure config that you can do - on the server side.
I don’t think it is a security issue when interface items are hidden using css, as long you have the data secured. Also hiding like Teodor suggest would prevent the user from seeing the DOM elements with devtools, but it is still in the HTML source. If you really want to hide the content within the source then you have to do that server-side.
It is true that the could edit the css to make it visible, but if the resource where it links to is protected it doesn’t matter, make sure you prevent access to the pages and server actions that are restricted.
Maybe some server-side rendering components can be added to the right panel for node projects.
And PHP 
I didn’t mention because you know…it gives me the creeps.
No really. I believe php model doesn’t have templating and SSR available as node model has.
I knew I was dropping a small grenade by mentioning it. Having some PHP inserted automatically would be handy, though, and doesn’t require templating.
eg.
<?php if($var == '') { ?>
HTML OUTPUT
<?php } ?>
Maybe I should have opened this question under a different topic, but I still want to ask. Could it be using SSL/TLS to get reasonable security for sensitive data transmitted in Wappler API calls? (How do we make post data more secure? ) So how can we make API calls more secure?
If the data is that sensitive then it should demand its own area away from the main content. Sometimes its best not to mix too much in your pages with regards to shared environments. Its far better practice to have them separated and dedicated, especially if sensitive. Then you can apply further restrictions as required, either through Security Restrict and Enforcer or other means…