Let's say I've a leaderstats script. When a player joins, a folder is created which is called leaderstats and inside the folder is a IntValue which contains Cash and it's value.
For example in Jailbreak; When you join, you have a default value of Money.
So, does the leaderstats script get easily exploited or changed by exploiters?
From my experience with exploits and stuff, no. Exploits are usually client-sided so only the client can see that they have money. If you are doing your comparisons for prices on the serverside, you should be alright.
Agreed with what 7z99 said, however if you are worried about exploits and such, you could always use a linked leaderboard that stores the real stats in ServerStorage, and shows it in leaderstats. However, like he said, those kinds of exploits are client-sided.
As 7z99 said, you're safe to have a leaderboard script.
Just never read anything that the client can change. When checking player's money do it on the server, when setting players money use the server.
The only thing that the Client should do with the leaderstats, is read from it. The server should set, if you're reading from the Server, you need to change it so that you aren't reading on the server.