Connection to teeworlds 0.6 servers is not secure #9358
Description
DDNet 0.6 is 0.6.4 based. DDNet then added its own TKEN extension for anti-spoof tokens, which is not understood by Teeworlds servers. Then Teeworlds 0.6.5 introduced its security tokens, which are not understood by the ddnet client.
🔒 teeworlds 0.6.5 <-> teeworlds 0.6.5
🔒 ddnet <-> ddnet
🔒 ddnet <-> teeworlds 0.7
This means that if you play ddnet on a teeworlds 0.6 server you can be spoofed, while recent teeworlds clients cannot be spoofed.
Imo the 0.6.5 tokens are nicer than ddnet's TKEN extension anyway. It uses a flag in the packet header to be backwards compatible.
ddnet/src/engine/shared/network.h
Line 75 in d270af9
And the token is included in the packet header, while in ddnet the token is appended at the end of the packet payload, and the backwards compatibility depends on state (having received the TKEN magic bytes on connect).
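The difference between the two token placements described in the issue, as an added example that is not DDNet or Teeworlds code. The packet layouts, the `FLAG_TOKEN` bit, the 4-byte token width and all function names are simplified assumptions made for illustration, not the real wire format.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Constructed, simplified layouts for illustration; NOT the real wire format.
typedef std::vector<uint8_t> Bytes;
static const uint8_t FLAG_TOKEN = 0x01; // hypothetical header flag bit

struct Parsed { bool ok; bool hasToken; uint32_t token; Bytes payload; };

static uint32_t ReadU32(const uint8_t *p) {
    return (uint32_t(p[0]) << 24) | (uint32_t(p[1]) << 16) | (uint32_t(p[2]) << 8) | uint32_t(p[3]);
}

// Header-token style: [flags][token if FLAG_TOKEN][payload]. The packet describes itself.
Parsed ParseHeaderToken(const Bytes &pkt) {
    Parsed r = {false, false, 0, Bytes()};
    if (pkt.empty()) return r;
    size_t off = 1;
    if (pkt[0] & FLAG_TOKEN) {
        if (pkt.size() < 5) return r; // flag set but token truncated: reject
        r.hasToken = true;
        r.token = ReadU32(&pkt[1]);
        off = 5;
    }
    r.payload.assign(pkt.begin() + off, pkt.end());
    r.ok = true;
    return r;
}

// Trailing-token style: [flags][payload][token]. Nothing in the packet marks the token,
// so the receiver must remember whether this peer negotiated the extension on connect.
Parsed ParseTrailingToken(const Bytes &pkt, bool peerNegotiated) {
    Parsed r = {false, false, 0, Bytes()};
    if (pkt.empty()) return r;
    size_t end = pkt.size();
    if (peerNegotiated) {
        if (pkt.size() < 5) return r; // too short to hold a token: reject
        r.hasToken = true;
        end -= 4;
        r.token = ReadU32(&pkt[end]);
    }
    r.payload.assign(pkt.begin() + 1, pkt.begin() + end);
    r.ok = true;
    return r;
}

// Anti-spoof check: accept only packets carrying the token issued to this peer.
bool Accept(const Parsed &p, uint32_t expected) { return p.ok && p.hasToken && p.token == expected; }
```

With the trailing layout, the same bytes parse differently depending on `peerNegotiated`: a receiver without that state treats the token as payload and has nothing to validate.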