Whats stopping people from changing code in the client application as if people wanted to, they could easily just unpack all the class files and repackage them.
Basically nothing. In the past all sorts of compression, encryption, obfuscation etc. have been tried and were circumvented or broken by curious or malevolent people.
They can even build a new client that speaks the same protocol and run that against your server (if they can't hack your client due to your security measurements).
If you concern is safety and consitency, you must assume that clients are being hacked (or just buggy) and try to have all checks and game logic on server side, not in th access of the client. Only if all your logic is on teh eserver and the client is merely an input/output device you have some safety - but hackers will try to trick the server into unwanted actions by bogus input data thus you must check all input data not only on valid ranges but also if it is valid in the context of the clients state (whcih needs to be modeled/mirrored on the server side to some extend for this).