Pretty much why it’s a bad idea. It’s only worth it when:
- The time taken to implement / maintain the security feature is considerably (orders of magnitude) less than it takes to break it.
- There is a minimal efficiency tradeoff.
Very tricky to develop client-side security matching both criteria.