Frontend code can be easily bypassed or changed so you can't trust it to keep the state of your application in good condition. Nothing prevents me from picking the same username as someone else if there is no server-side code stopping it. Nothing prevents me from replying to a deleted comment if I don't check with the server.

That means that any validation that you do client-side you need to repeat server-side. Any business logic that you have client-side you also need to repeat server-side.