franzap on Nostr: Are signatures still validated client side, or can the cache tamper messages?