Has anyone tried reading / modifying the saved Remote Settings file on client side?

Background: Just like the case presented in this issue with Remote Settings, I would like to use Remote Settings to hide my server base URL and some other authentication infos. I couldn't just put those values in PlayerPrefs and even more so directly into the code as values of static variables (since obfuscation is a big no-no as per this) and even if I encrypt my data, it'd be useless since potential crackers can see how it's being decrypted.

Now, according to this doc: "The web service from which Unity downloads the Remote Settings configuration is read-only, but is not secured. This means that the configuration could be read by third-parties. You should not put sensitive or secret information into your Remote Settings. Similarly, the saved settings file could be read and modified by end-users (although any modifications are overwritten the next time a session starts with an available Internet connection)."

The question: Has anyone tried reading and/or modifying that saved settings file (on the built game) on client-end side? I'd like to test how not-so secure Remote Settings is.

 

Holy crap! Thanks for the link to the manual.

And thank you so very much for passing the feedback to the Unity dev team. <3
You rock!