unless the modulescript isnt placed in serverscriptstorage, then no pretty sure
Then how would the client access that value? If you give the client the value in any way, be it a value or object, it will be possible for that value to be read (using spooky functions like getupvalues)
nevermind, you’re right
filteringenabled/anti-exploit scripts that make sure clients cant get past are very hard to make