An exploiter can accesses them and I think edit them. As a general rule never trust the client. Try to run all of your important code from the server as the client doesn’t have access to that. Another useful tip is that you should try and avoid the client sending information to the server as it could have been tampered with. But the server sending information to the client is fine. Here is a topic all about exploiting: Exploiting Explained.
2 Likes