A lot of posts related to game security are public for anyone to see. This means that exploiters can find them too. An easy solution to this would be to have a private thread for discussing security that only verified/authenticated users can see.
How will you be able to determine that someone is and isn’t an exploiter tho?
It would not be perfect but it would help to have only ID verified users or other methods of authentication
It seems that this feature request is back at it, what prevents the exploiter from verifying with an ID?
Proper advice and prior experience should teach developers that the best way to secure their games would be by making the server the one source of truth and sanitizing everything the client sends to it.
You shouldn’t be so afraid of exploiters listening onto your discussions because if so that means you’re not telling others about good, secure practices and instead are telling them about poor, vulnerable practices (Like trying to detect metamethod hooking on the client). If proper security is being discussed here, then there should be no difference between the exploiter knowing about the developer’s methods or not.