Someone explain what I am missing... I was able to run a simple wget, and I had 100% full functionality of an app (utilizing their API Key, and App ID and all) and run it on my local machine. Data flow is seamless between the local and hosted apps. So while I don't have to worry about a backend, neither does anyone who wants to "borrow" my app. There isn't really any form of app authentication built in that I could find, the REST API master key is the closest thing.