They are. But if you have sanity checks, you should be fine.
You could always check what arguments are passed through the event, or even check how fast the remotes are being sent.
If your items are important, keep them in ServerStorage, and do sanity checks on the server with a remote. If not, you can keep them in replicated.
I’d just like to note that the way some (if not all) Roblox exploits work is by running client-side code. So it’s just like code written in a LocalScript. This is what you have to keep in mind when tackling exploiters.
They can also see what code is being executed on the client from your LocalScripts.
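The server-side sanity checks suggested in the replies above (validating the arguments a remote receives and limiting how fast it can be fired), as an added example that is not part of the original posts. The RemoteEvent name `EquipItem`, the `Items` folder, the `owned` table and the rate budget are assumptions made for illustration.

```lua
-- Server Script (e.g. in ServerScriptService). Added example, not from the thread.
-- "EquipItem", "Items", owned and MAX_PER_SECOND are hypothetical names/values.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local ServerStorage = game:GetService("ServerStorage")

local equipRemote = ReplicatedStorage:WaitForChild("EquipItem") -- assumed RemoteEvent
local itemsFolder = ServerStorage:WaitForChild("Items") -- assumed Folder; clients cannot see it
local owned = {}   -- [player] = { [itemName] = true }, filled by server code only
local windows = {} -- [player] = { start = number, count = number }
local MAX_PER_SECOND = 5 -- assumed budget; tune per remote

-- Fixed one-second window: returns true while the player is within budget.
local function withinRate(player)
	local now = os.clock()
	local w = windows[player]
	if not w or now - w.start >= 1 then
		windows[player] = { start = now, count = 1 }
		return true
	end
	w.count += 1
	return w.count <= MAX_PER_SECOND
end

-- Every argument is untrusted: check type and length, then resolve it on the server.
local function resolveItem(name)
	if typeof(name) ~= "string" or #name == 0 or #name > 50 then
		return nil
	end
	local item = itemsFolder:FindFirstChild(name)
	return (item and item:IsA("Tool")) and item or nil
end

equipRemote.OnServerEvent:Connect(function(player, itemName, ...)
	if select("#", ...) > 0 then return end   -- more arguments than the remote defines
	if not withinRate(player) then return end -- fired faster than a real client would
	local item = resolveItem(itemName)
	if not item then return end
	local mine = owned[player]
	if not (mine and mine[item.Name]) then return end -- server state decides ownership
	local backpack = player:FindFirstChildOfClass("Backpack")
	if backpack then
		item:Clone().Parent = backpack
	end
end)

Players.PlayerRemoving:Connect(function(player)
	windows[player] = nil
	owned[player] = nil
end)
```

The first parameter of `OnServerEvent` is supplied by the engine and can be trusted to identify the sender; everything after it comes from the client and is checked before use.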