So I would say yes, you do need to be concerned about that sort of thing.
You and few other people including manager, CEO and engineers are working on an assignment. Everybody has input on given assignment that they can give by leaving a note in the system (web application). You can see any notes you are authorized to. In current implementation, we fetch all PKs(Primary Key) from note table that you are authorized to and save them in JS array. so when you navigate from one note to another, we simply fire a query by note id and get the content. No second checking at server end. So if it is possible to modify the JS variable, array etc, they can get access to the notes that they are not authorized to. Glitch.
So now I have to change the implementation to validate the requested data. More workload on server to KEEP the data safe.