That’s not a client side database. The “verification server” is a publicly accessible database.

Publicly accessible? Well, if you share the database username and password, maybe yes.

The credentials can be taken from the disassembled source code, but I've already taken it into account. The next versions will use an HTTP API.

Yep. I would avoid this library.