#Confused with the dangerousRemoteDomainIPCAccess setting

Hey guys, could use help with some clarifying.

So far, we've always built our web app that we're wrapping with Tauri and packaged it along our desktop app before releasing a new version. This is kind of annoying, because whenever we make a change to our web app, we need to redeploy and rebuild our desktop app as well so that we can bundle the latest web app changes as part of the new .MSI.
This dangerousRemoteDomainIPCAccess setting seems like a way to go, because I can just define a URL of our running test/production application and give it access to our Tauri desktop app API and commands.
Now, I've tried configuring these settings, and what confuses me is that I can still call the API even without them (if I don't configure the dangerousRemoteDomainIPCAccess as part of the security property), I don't need any settings whatsoever and the domain that I've loaded remotely inside the webview can access all of the commands I have in my Tauri application.
Not sure if I messed something up with the settings, but essentially what I did is just point my devPath to the remote domain, and adjust all the configuration URLs to those of our test environment.
Can anyone explain what's going on? How can I confirm whether what I explained is actually what's happening?

what I did is just point my devPath to the remote domain
This basically already includes the dangerousRemoteDomainIPCAccess settings

So I don't have to configure anything?

that's it? I have full access to the API?

what about the specific windows and everything that's defined as part of the initial dangerousRemoteDomainIPCAccess, the plugins the windows? It enables all of my stuff by default?

as far as i know yes

it may be different in v2, and if not we may count this as a bug. But in v1 we can't really change it since people depend on it.