Tags: javascript, php, validation, security, user-experience

Should I duplicate the client-side form validation on the server side, just like the client-side validations?


A person can come and create an account. I've implemented a great validation on the client side; for example, if he does not provide a valid email address, I will inform him right away that it is not a valid email (with client-side JavaScript).

But client-side validation can be easily bypassed by an attacker, so I have also used the same validation on the server side as well. But the difference is user experience. For example, if JavaScript on the client side is disabled and the user provides an invalid email, the application will just tell him 'error' (after the form is submitted and the page refreshed). No more information (because I assume he is an attacker, so my website should have an awful user experience for an attacker).

Now my question is this: will my website's user experience be okay if I do that? (Great error reporting to users on the client side but awful on the server side; the server side will just return 'error' after the whole form is submitted, for any failed validation.)

More Explanation:

Whenever a user types invalid text into an input, the application will tell him right at the bottom of the input, with red text, that he has not typed valid text. (This will happen because of client-side JavaScript.)

But if somehow client-side JavaScript has been disabled and a user types invalid text into an input, the server side will return just 'error' to the user after the page is submitted.


Solution

  • Since you are already doing the server-side validation, the question really is whether you want to still provide a comparable user experience for users who don't get the client-side validation for whatever reason, and that's up to you.

    I don't think it's 100% safe to assume that everyone with JavaScript disabled is up to no good, but the percentage of legit users without JavaScript is probably small enough that you don't need to invest in providing the same level of user experience for them. This Q&A on ux.stackexchange.com may offer some insight on that. (It's a bit old, but I think its points are still valid.)

    A reasonable compromise might be to add a <noscript> tag in your generic error with a message to inform them that they won't see detailed errors with JS disabled.
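One way to get both properties the question and answer discuss (the server never trusts the client, and a user without JavaScript still learns which field was wrong) is to write the rules once as a plain module and run the same function in the browser on input events and on the server on every POST. The code below is an added example, not from the question or the answer; the field names, rules and the `handleSignup` shape are assumptions for illustration, and the sample input is constructed.

```javascript
// Added example: one validation module shared by the browser (instant
// feedback) and the server (authoritative check). Field names and rules
// are assumptions, not taken from the original post.

const RULES = {
  email: {
    // Simple shape check; the authoritative test of an address is a confirmation mail.
    check: (v) => typeof v === "string" && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(v),
    message: "Please enter a valid email address.",
  },
  username: {
    check: (v) => typeof v === "string" && /^[A-Za-z0-9_]{3,20}$/.test(v),
    message: "Username must be 3-20 letters, digits or underscores.",
  },
  password: {
    check: (v) => typeof v === "string" && v.length >= 12,
    message: "Password must be at least 12 characters.",
  },
};

// Returns { fieldName: message } for every failing field; {} when all pass.
// The same function runs client-side (on input events) and server-side (on POST),
// so the per-field messages are identical on both sides.
function validateSignup(fields) {
  const errors = {};
  for (const [name, rule] of Object.entries(RULES)) {
    if (!rule.check(fields[name])) errors[name] = rule.message;
  }
  // Also reject keys the form never defines: the server must not assume the
  // client only sends the expected fields (the client-side check may have been skipped).
  for (const name of Object.keys(fields)) {
    if (!(name in RULES)) errors[name] = "Unexpected field.";
  }
  return errors;
}

// Server-side handler (framework-agnostic, hypothetical): re-runs the rules on
// the raw request body and returns per-field errors, so a user whose JavaScript
// is disabled still sees which input was wrong after the page reloads, and an
// attacker who bypassed the browser check gains nothing the form did not already show.
function handleSignup(body) {
  const errors = validateSignup(body);
  if (Object.keys(errors).length > 0) {
    return { status: 400, errors };
  }
  return { status: 201, errors: {} }; // account creation would happen here
}

// Constructed input that skips the browser entirely (e.g. a hand-crafted POST).
if (typeof require !== "undefined" && require.main === module) {
  console.log(handleSignup({ email: "not-an-email", username: "ok_user", password: "short" }));
}
```

On the server the `errors` object is rendered next to each field in the re-served form (the `<noscript>` notice from the answer is then only needed for live feedback, not for correctness); in the browser the same object drives the red text under each input.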