checking the magnitude of the HumanoidRootPart can be exploited because the client has network ownership of there character so they are able to position there character anywhere they like
can exploiters fire remote events / functions = yes
can exploiters position there character anywhere they want to = yes
can exploiters fire touch events in a server script = yes
here are some videos that might help
