In my game it’s important that information on a player’s GUI be kept secret, so naturally I’m worried about security. In a studio test-server you can’t access Player B’s PlayerGui from the Player A client. But this doesn’t mean an exploiter can’t get ahold of other player’s GUIs, or does it?
Mostly nothing in Player Gui is replicated to the Server, this is a reason why with Filtering Enabled, Server scripts don’t run in Player Gui , due to the Server not knowing about the script’s existence
For some reason now, screenguis are cloned into playergui by the server. The old behaviour was the client cloned them into playergui. Though I must ask - why is information there a secret?
I’m making a turn-based card game. If an exploiter knows what cards someone has then it’s obviously not a very ideal situation.
If you turn off
CharacterAutoLoads in the ‘Players` service, guis should not be cloned. From a localscript you could then clone them yourself