It will be enough until the server is pwnd and the data is leaked to the world.
Data breaches happen literally every day.
But that's OP's point. If the server is pwned, the hackers can simply change the front-end of the app and have it send the confidential data to wherever after it was decrypted on the client.
But that's OP's point. If the server is pwned, the hackers can simply change the front-end of the app and have it send the confidential data to wherever after it was decrypted on the client.