There are 3rd parties that deliver obfuscation of php code, like nucode. I don’t think that sc will embed tools like these, they are even more expensive than Scriptcase itself. Url’s hidden, i have never seen that. No matter if you use $_POST or $_GET you can get these visible by tools like Tamper. Point is that you need to be aware of these standard php issues. Links cannot be tampered any more (since the beginning of this year) and if you use sessions, you cannot access pages directly without being logged on. Security is a serious issue. But Scriptcase cannot think for the developer, he/she needs to be aware of what he/she does and how it’s done. It’s pretty easy to generate security leaks if you don’t think ahead. Scriptcase can do a lot but not all.