Is it possible for an exploiter to manipulate the player instance field sent to the receiving server-side listener for remote events, or is the detection of that handled on hidden roblox backend?
For example, a player wishes to refresh a music title text label once they respawn, and so they request that with event:FireServer(). Would it be possible for them to pretend they were another player, resulting in a very annoying constant refresh of all players music titles?