Perhaps I misunderstood the code, but if this verification is handled on the client, isn't it possible to open a browser console and manipulate the JS to return true? What prevents someone from visiting the site, loading the verification page, opening the browser console, deleting this code and then clicking the button?