It's not about thinking outside the box .. I can respect that you have this blissful fantasy that securing the client is possible .. we've all been there, you just haven't yet crashed into the wall of realization.
That's a different problem. It is technically feasible with the correct inputs to post funds to your account from someone else's account. That information is usually obtained through social engineering.
But the point is the entire "state" of an account is handled on the server - the client can only request transactions to be made, which the server will always validate. But that doesn't solve the problem of someone usen valid (but stolen) information to post a valid transaction.
To make a game analogy .. you could use a similar strategy with a game of Checkers. The server generates a game state and hands it off to the client. The client can then tell the server move-by-move what it wants to do. The server maintains the game state and validates each move.
But even this is not securing the client - it's just computing game state on the trusted end. Anytime you have a game where the state is exclusively maintained on the client side, you've already lost. It will be possible to cheat.
(you could also cheat at the "Checkers" strategy with a bit of AI).
unless the state is there for all the see. Map Hacks lose their purposes if game is played with no fog of war.
about emoney I meant cards where money state is stored on the card. They used to call it Proton here, Solo on the UK though i never used that one.
So while I agree that in theory state on the client side makes it possible to cheat, like I said, paper money is state on the client side. Money laundering does happen. But try to launder money using big fat notes of 500 euros? Doesn't happen very much.
So for highscores, nobody cares if people cheat for scores lower the Top 10. Alll you have to do is monitor the top ten scores using the above techniques and then some. For me, that's practical client security. Make recorded games and let the community check on those top ten highscores.
Now your point is one bright hacker would be able to masquerade even then. Well even the best money fakers are caught. They are playing "Catch me if you can"
What about your income history // highscore history. Maybe client security is also about how you design the community surrounding your game highscores.
That's why I wrote "real life ways" to achieve client security.