Using your browser developer tools (network tab), or a browser extension (like bizzomate mendix dev tools), it's pretty easy to get an overview of all available entities, microflows and constants of a mendix application.
If you're using good naming conventions (like you should) it gives possible hackers a very easy insight in the internal workings of your application and database and helping your competitors to reverse-engineer your application.
Also there could be information under the hood that's not a security risk, but you just don't want leaked (yet). Like a new feature that is in beta for some users.
It would be great if, when building a package, you have the option to obfuscate all this information.
This way we could choose which enviroments to use obfuscation.
In a workshop for the mendix CTF 2024 I just saw they implemented the obfuscation for Microflow names 😄👍 (It's done at the time of deployment.)
Totally agree!
In addition, obfuscate JScript Actions as well (and HTML/Javascript Snippets).