I notice in the demo crm app, it has the on page load to check for logged in user and if not redirect to the login page.
Is this method sufficiently secure? Like is there a possibility this could go wrong and not stopped an anon/not logged in user from accesing an area?
If not what is the recommended best practice for securing it?
The best practice is to secure your sensitive data on the server side, by using permissions Security - Backendless SDK for JavaScript API Documentation . Each backendless service has a security page. In this case there is no matter how it is implemented on the client side, customer’s data will be secured.