Yes, I’m responding with the assumption that you’re still going to implement basic checks in critical systems where appropriate and it doesn’t really change the content of my response, the core of it being that putting yourself lower than exploiters to get back at sock puppet accounts is pointless.
These are all things that are expected of you as a developer and “tricks” they perform as well. Mixing in security code with standard game code, obscurity (which isn’t real security), all those things are already being done. You’re not beating the client on their own machine though, they can modify whatever they like on their end up to copying the standard game function without the security code and having that run on the client instead of the rigged up one.
Again, you’re still speaking in hypotheticals but not any battle-tested or substantiated view points. Like what do you mean “I won’t render avatars behind walls”, okay they can render the avatars themselves? It’s exacerbating what I mean by that this is a waste of time.
And lastly: no, I don’t recommend encouraging rule breaking. Simulate exploits with game code if you need to test your game’s security. People can’t actually exploit to test your security and they won’t be safe from a ban just because you make it public.
This has deviated a bit from “is it ok to destroy an exploiter’s gameplay” to hypothetical security talk without any actual basis or knowledge of the capabilities of exploiters. So again, like I said to someone earlier, we’ll have to agree to disagree on our views here, because I don’t find it productive repeating things I’ve already posted.
If you’re insistent on doing it (destroying exploiter gameplay), then just do it, why do you have to ask others only to disagree with them when they post? It doesn’t seem very helpful to anyone to disagree for the sake of disagreeing without any actual basis or understanding of how these things work. Your efforts here aren’t really going to do anything significant and the “solutions” you’re thinking of aren’t exactly very good either besides server-side security checks (which are good).