There is already lots of posts about this sort of thing and make sure you put this in the right category, but if someone is exploiting your game and there is no backdoors or leaks they will only be able to control the client side, therefore if they deleted the whole workspace it would only effect them. They can manipulate certain features though, such as firing remote events, if you are using remote events make sure you have them secured on the server end as well as the client. Roblox games are fine unless you make certain features for them to manipulate.
If you have backdoors in your game then exploiters could make server sided changes, backdoors are usually from free models, botted plugins and such. Usually you can get rid of these by making sure you understand all of your scripts and there is no ‘hiden’ scripts in random parts.
For the script you posted, I’m guessing you want to disable the developer console. You can just make it false via the core gui settings
Hope this helped.