It can be changed on the client, but the default is set on the server. Someone would have to intentionally change it in order to have this problem. If a malicious user has access to your database, changing the SQL mode is the least of your worries.
in reply to Re^2: [OT] Why I don't use Mysql for new projects
in thread [OT] Why I don't use Mysql for new projects