I’ve heard someone said that remote functions are not secure and should be prohibited from use.
But is it?
For example I want to make a ability that does something one the server, and while the ability is still active I’ll keep all controls of the player disabled.
Should I use a remotefunction to wait for call back then re-enable controls or should I just use a remote event and then use a task.wait() to wait for a approx time the ability will last?
Are there any circumstance that I should never use remote functions and when should I use them?
RemoteFunctions certainly aren’t prohibited, all you need/can do is add server-side and client-side protections to ensure what is happening is what is supposed to happen.
As @TaxFraudBruh mentions, they aren’t prohibited. The common debate in which is brought up with RemoteFunctions however- is how they may throttle code from running, or requests to them may be dropped if not properly resolved by clients, throwing an error.
It’s more “common” practice, or at least becoming more common, to use RemoteEvents and simulate what a RemoteFunction may do. This is what a lot of larger scaled games and frameworks have done to circumvent the aforementioned problems.