Re: moving functionality from the server side to the client “brings its own security challenges”.
While I wholly aggree about security being server side, I suspect that a large part of the issue with client side security is that because there are so many developers (ab)using JavaScript to create single page applications it's the access and functions that these provide to locally available resources that is the problem.
On the other hand I have come across far too many idiot developers who assume that everything that comes from their "rich" web application is trusted and therefore adequate security and data validation on the server side is not necessary.