With the current implementation the character files for Up- and Download from the ARK are accessible to the player. In practice that means that players can arbitrarily manipulate them, cheating as they see fit.
Obviously you will want to avoid that on your self-hosted servers. As it turns out, that is actually quite easy, since there is an option to disable character imports onto your server in the server settings. It’s called NoTributeDownloads (set it to True)
and saves you all this trouble. If you’re not sure on how to set this option to the correct value, please consult the Server Settings Overview Page.
All of this does of course go to show is a larger principle in preventing cheats: Don’t trust any data provided by the player. Why this principle wasn’t observed in this instance is unclear, but given the amount of patches they have produced so far I’m fairly confident that we will see a patch reacting to those issues soon.