Honestly you’d have to come up with some ideas for server checks to make that remote secure. Granting the client the power of passing the position of the bullets as a callback is extremely dangerous. I personally would opt for completely changing the script, and maybe you should do the same.
Should any of this be too complicated, you could add server checks that makes the manipulation of this gun’s system more difficult.
Like @SkyStoleMyCookies said, I would make a rewrite. That post was directed to beginners to make nice looking animation, more complex games like phantom forces, shooters, may have the animation systems to be similar but their server and client communication is various and complex.
When ever you say “Prevent Exploits” always think of the server and how it should be checking on the client.