Why ServerStorage ?
Sure it helps with security, but having the replication being done via remotes etc could possibly lower overall game performance. Mind you, I’m no expert, personally I would put the game map in ReplicatedStorage and have a localscript handle the replication manually.
Does this pose a security risk ? Yes.
Can you patch them ? Yes.
Can your patch be exploited ? Yes.
On the topic of security, no matter what exploit you encounter, there’s always a way to patch it. Likewise, no matter what patch you write, there will always be a way to exploit it. This is the reality that you have to face security-wise. There’s no ultimate patch for anything.
OP wants to avoid direct server replication, this isn’t about security so why speak of it right ? However one could argue that efficiency and quality does come to mind on any programming topics.
Surely security matters, but before we get to that, let’s look at a couple pros and cons,
1) ServerStorage
- More secure than clientsided method handlers [ PRO ]
- Slower than clientsided method handlers [ CON ]
2) ReplicatedStorage
- Replication can be done without having to go through possible latency delays [ PRO ]
- Easily exploitable [ CON ]
This brings us back to the old debate of Security vs Gameplay, personally I would suggest handling them on the client side, because statistics. You have to consider this, with server handlers, you’re looking at a guaranteed gameplay-affected experience for all players in your game.
On the other hand, with client-handlers, you’re looking at the issue of Security and Exploiters, the possibility of ruined gameplay experience for some players.
Between this two, it’s better to pick the latter, statistic wise. In no way am I saying that security is mediocre and redundant. In fact, security is always something I think about first when I’m programming, but while doing so. One must never sacrifice general gameplay for improved security.
With every method there’s flaws to account for. And in your case, that’s the only suggestion I could think of really. In no way will this be the best solution, it is simply my humble opinion. Someone else may stumble upon this and suggest a method unknown to us, and in that event we shall learn and improve !