Actually, whatever is on the user's machine (or in a Couch in the cloud controlled by the user) is 100% under the control of the user. They are free to alter the application, validations, etc, as they see fit.

However, when the user attempts to replicate changes to another server (maybe the original source server, maybe another server not under their control) it is the validation functions on the target server that control which writes are allowed to proceed.

So if my http://jchrisa.net server only allows updates from me (for instance for blog posts), you can still replicate my blog to your machine, and edit posts there, but when you replicate the changes back to my server, they will be rejected by my validation function.

Thank you; that is what I meant to explain, but you were much more clear. I guessed that wil was asking about the safety of his own application once replicated by others, because I don't see the concern of having users replicate their own copy, as long as the damage is contained.

Right, I was asking about the safety of the application that I write.

So any app written on couchapp can be considered to be modified by the end user if it's replicated to their machine. Then any application where you don't want users fiddling around with your 'source' is out of the question.

That said, there's plenty of applications that you'd want to pass along with the user's own data that you'd want the end users to fiddle with and improve.

With that in mind then, I'm guessing you can have validation functions that allow you to selectively update the design documents that you want from another person's changes, just as I can selectively replicate data from another person's copy of the couchapp.

Validation funs give you a lot of control over the update logic. However, they cannot be used to grant anonymous write access to application code. The design document may only be updated by the database or server admin.

It depends how you set it up.