Yes, sadly as it is possible for client to get access to Replicated Storage, but that requires a protection system as well.
Here it is:
Many posts have talked about this:
https://devforum.roblox.com/t/protecting-remote-events-not-about-remote-hacking-but-about-remote-existence
And like I said, exploiters cannot really do anything:
1 Like