If I have a module script inside of a tool, can its code be stolen by an exploiter?

Hi, I am trying to design a weapon framework, and a part of it relies on the question in the title. Thanks for any help.

Simple and short answer: Yes.
Exploiters have the ability to get the source of LocalScripts and ModuleScripts, unless they are located in ServerScriptService or ServerStorage.