Thanks for the suggestions and info. One thing that may help is that I’ve implemented authorization for the server: the user has to have created an account & then sign in to access files in the designated directory. Do you think that this adequately addresses the security issue?
I will probably pursue the Deno server approach to see how far I can get with it, then think about what really should be done.