If everything is unofficial for you, then they can snitch about illegal business activities, about tax evasion.
I myself never give the code to the customer before payment, I show everything only on my hosting. Immediately before execution, I agree on this, I refuse the project if the customer does not agree. The exception is salaried work on long-term projects.

And you did not think not to give the source before payment? You can also show the work on your server, the customer can perfectly evaluate everything without source codes.

I had a similar problem - the customer disappears after paying. But I name the price taking into account the presence of a link to me with a portfolio from his site, but he still does not open the site =(
I decided to carry out more or less large orders only in a package, along with hosting. Thus, even if the customer disappears, he has already paid for the hosting and the site, at least for the sake of appearance, will hang
there.Moral: any non-standard situation must be foreseen before it happens.Customers are real people and they sometimes (often) have a brain fracture - they can wedge in any direction.

Work exclusively on an advance payment, in extreme cases, a 50% advance payment and you will be happy!
If reputation permits, of course :)

There will be problems even if you did not conclude any contract. In fact, the customer does not owe you anything, since you do not have a contract, but in the described case you fall under Article 272 of the Criminal Code of the Russian Federation. And the message “I will return access when you pay” will be an aggravating circumstance for you - committing a crime for selfish motives.
There is still a chance that your “bookmark” will be recognized as a malicious program and article 273 will be sewn in after it.

The topic is old. And it has already been discussed on various exchanges more than once.
If you work under a contract (you have an individual entrepreneur or LLC), then you have nothing to fear. The client will pay one way or another. In other matters, you can specify in the contract that the software product will be encrypted, equipped with a backdoor and other protection mechanisms. And if you work without any contracts, as a private person, then boldly embed the backdoor. But it's best to do as your host told megahertz and transfer the code, only after payment.
Some exchanges have a secure transaction service. But as practice shows, it does not always work properly. And then it is always nerves, time, strength ...

No, you do not sign any contract for the provision of services with the customer.

I also think that if there is no contract, then they will not have the opportunity to sue you. And so, I would advise you to show the result of everything on your hosting, and only then, after full prepayment, upload it to the server.
If they want to immediately see on their server (it happens that you can’t show a specific task on your server), then be sure that everything works smoothly and require an advance payment of 70%.

I was scammed once, now I work only through a secure deal (in the case of freelancing) or under a contract (registered by LLC)

The topic is old. And it has already been discussed on various exchanges more than once.
If you work under a contract (you have an individual entrepreneur or LLC), then you have nothing to fear. The client will pay one way or another. In other matters, you can specify in the contract that the software product will be encrypted, equipped with a backdoor and other protection mechanisms. And if you work without any contracts, as a private person, then boldly embed the backdoor. But it's best to do as your host told megahertz and transfer the code, only after payment.
Some exchanges have a secure transaction service. But as practice shows, it does not always work properly. And then it is always nerves, time, strength ...

The topic is old. And it has already been discussed on various exchanges more than once.
If you work under a contract (you have an individual entrepreneur or LLC), then you have nothing to fear. The client will pay one way or another. In other matters, you can specify in the contract that the software product will be encrypted, equipped with a backdoor and other protection mechanisms. And if you work without any contracts, as a private person, then boldly embed the backdoor. But it's best to do as your host told megahertz and transfer the code, only after payment.
Some exchanges have a secure transaction service. But as practice shows, it does not always work properly. And then it is always nerves, time, strength ...

The topic is old. And it has already been discussed on various exchanges more than once.
If you work under a contract (you have an individual entrepreneur or LLC), then you have nothing to fear. The client will pay one way or another. In other matters, you can specify in the contract that the software product will be encrypted, equipped with a backdoor and other protection mechanisms. And if you work without any contracts, as a private person, then boldly embed the backdoor. But it's best to do as your host told megahertz and transfer the code, only after payment.
Some exchanges have a secure transaction service. But as practice shows, it does not always work properly. And then it is always nerves, time, strength ...

Display a message like "Oops, looks like a bug, we should meet for a beer, buddy." And block the site.
And if someone will sew something on you - you made a website out of friendship :) If you, of course, do not have the fact of transferring money to you.
And if they say that it is malicious, you can say that this is a bug, but since you do not have any contractual relations, no one is obliged to fix bugs.