A large majority of exploiters do not know what they are doing. However, another large portion of exploiters do know what they are doing. Your best bet is to make sure you have strong server sided security, and an anti-exploit on the server. If you really wanted, you could make a client sided anti-exploit too, I recommend you obfuscate it if you choose to, but remember that it can be deleted, exploiters can stop events from being fired (.Changed, :FireServer, etc) and so on.