Probably - don’t underestimate how bad security is in many places on the web. Especially for a bunch of middle/high schoolers that are playing a game rather than being security experts. That kind of security flaw was surprisingly common in the mid-90s.
Probably - I worked for a large bank previously, and one of our internal system apps was protected in exactly this way. When I pointed out that you could just turn off javascript in your browser to bypass the check, management told me “that would be hacking, and is prohibited”.
I wish I was joking.