Can Mylar be hacked?

I am interested in using Mylar for an upcoming project.

promises that Mylar makes an impression impressive. However, can a developer write a back attack in code that is allowed to run (checked by hashes/signatures) so that the data is compromised (probably via XSS)? The Mylar documentation says:

"Mylar ensures that client-side application code is authentic, even if the server is bad."

The only way I can imagine this being protection is if the browser itself prohibits the outgoing transmission of unencrypted data. But for that to happen, how can the application query the database or make callbacks to the server? (I understand that Mylar is best used with a browser-side framework such as Meteor, but Meteor should still interact with the server for certain tasks.)

Can Mylar provide complete data protection even from the application / server administrator?

Here is Mylar's expression (from http://www.mit.edu/~ralucap/mylar.pdf):

3.4 Threat Model

Threats. Both the application server and database servers can be completely controlled by the adversary: the adversary can receive all data from the server, force the server to send arbitrary responses to web pages by browsers, etc. This model includes a wide range of real security problems, from errors in server software to insider attacks. Mylar also allows some gaming machines to control the enemy and merge with the server. This can be either because the adversary is the user of the application or because the adversary burst into the user's machine. We call this adversary active, unlike the passive adversary, who eavesdrops on all the information on the server, but does not make any changes so that the server responds to all clients as if it had not been compromised.

