How would you go about securing a remote that handles an in-game store purchases, would you check on the client if they have the valid amount of money then fire the remote or check on the server? I'm a bit conflicted on this
The main rule is that unless something is COMPLETELY client exclusive, you are always to assume that the client is wrong to protect yourself again exploits. All data is to be stored on the server, it's important to do all of your 'has enough money?' checks on the server instead of the client.