MiniKit is purely a communication channel between the client and the app. Your application should never default trust any payloads it receives on the client side. Verify, Pay, and Wallet Auth should all be verified inside of your backend.