I don't read it as contempt but rather the equivalent of a backend engineer saying that you can't trust user inputs and need to validate, authenticate, and authorize every request.