Exactly. I've been telling them that for years. The country's M.O. is:

(a) sucker businesses over there with lure of cheap labor

(b) steal their intellectual property

(c) combine that I.P. with domestic activities to steal market share

(d) try to dominate the market with combo of cheap labor, domestic R&D, and freshly stolen I.P.

It's a dumb game for American companies to get into in the long-term. In short- to mid-term, there's plenty of money to be made while you have the I.P. and market. And, like you said, someone else takes the hit in the future. An externality.

This is part of the reason for the server demands as well as spying.

When a business has things on a server somewhere and a relatively dumb client, it's REALLY hard to pirate, steal, copy, modify, etc. You can bake your "crown jewels" into the server and it never gets into the hands of the client.

One of the phone chipset manufacturers used to run service where they would compile your code for you. But they would NOT give you the compiler.

I was really annoyed as a developer, but I also understood the reasoning as it effectively kept the Chinese from cloning their kit.

That is a strategy people try but it's usually weak. The Chinese have stolen TB from clients and servers across industries. One still has to protect the server from attacks from the client, other servers, or networks. Whole problem remains.

The main benefit of that architecture is to protect against non-technical insiders and others who have less opportunity for physical attack. The compute nodes are stored in a hopefully-secure location with files similarly centralized. Additionally, if the mechanisms are technology agnostic, there's potential for further hardening, monitoring, obfuscation, recovery, etc.

Doesn't eliminate a Chinese-style threat, though, if it's connected to a network in any way and doesn't use high assurance components.