
I have recently started creating an online Tetris type of game, and I was wondering what amount of security I should implement for an online match. I am in a conflict where I want to make my game as secure as possible, but if someone were to try very hard, they could probably cheat in the game. For example, when someone clears a line with a T-Spin (a move that scores bonus points), the client will send the lines cleared to the server and whether or not it is a T-Spin. The server will verify the lines cleared to make sure it is a valid number, but in order to verify that a T-Spin is actually a T-Spin, it would require the client to send a lot of data, and then the server would need to run a lot of calculations to make sure it is a proper move. Due to the fact that these calculations would be run every time any player places a piece during the game, it could cause a lot of lag, which leads me to believe it would be better to accept that someone very determined may be able to cheat at the game and get an unfair advantage over other players (for example, editing the client-side JavaScript and forcing it to say every line cleared is a T-Spin).

Although a cheater could win the game over other players, no important data would be at risk, like the database containing user ids, emails, or password hashes. This makes me want to cut corners for the sake of efficiency so that the servers can run faster.

Is there some computer science unwritten rule or pseudo-equation people follow when determining how much security to put in their projects?

  • Yes, it is called a "risk assessment". You determine what bad thing can happen, the impact of that bad thing, what controls would mitigate that bad thing, and the impact of the mitigation. You compare the impact of the threat to the impact of the mitigation. But that's not what you need to address here. You just have bad design. You should design it so this bad thing isn't an issue to begin with. – schroeder Mar 29 '22 at 18:04
  • Simulating Tetris really shouldn't be that hard. I bet your server can run ten thousand Tetris games at the same time. Maybe more. Maybe a hundred thousand. Maybe even a million if it's pretty beefy. Your client could send every input to the server and the server could simulate them and make sure it gets the same answer. – user253751 Mar 29 '22 at 18:54
  • What I seem to not get is why you're trying to put all this logic in the frontend and not the backend? You can encrypt the information, send it to the backend for verification. – Sir Muffington Mar 29 '22 at 20:47
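Worked example of the server-side check the question asks about and user253751's comment suggests, added here and not part of the original question or comments: the server keeps the authoritative board, recomputes from its own state whether a T piece placement is legal and whether it is a T-Spin, and never consults the client's `tspin` or `lines` fields. It assumes the common three-corner rule (at least three of the four cells diagonal to the T's centre are occupied, walls included, and the last action was a rotation); the well size, coordinate scheme, rotation table and board layout are constructed for the example.

```python
# Server-side T-Spin adjudication (added example; well size, coordinate scheme,
# rotation table and board layout are assumptions). x grows right, y grows down.
WIDTH, HEIGHT = 10, 20

# T piece cells relative to its centre for rotation states 0..3 (up, right, down, left)
T_SHAPES = {
    0: [(0, 0), (-1, 0), (1, 0), (0, -1)],
    1: [(0, 0), (0, -1), (0, 1), (1, 0)],
    2: [(0, 0), (-1, 0), (1, 0), (0, 1)],
    3: [(0, 0), (0, -1), (0, 1), (-1, 0)],
}

def is_blocked(board, x, y):
    """Walls and the floor count as occupied; cells above the well are free."""
    if x < 0 or x >= WIDTH or y >= HEIGHT:
        return True
    return y >= 0 and (x, y) in board

def validate_t_placement(board, cx, cy, rot, last_action):
    """Recompute (valid, is_tspin, lines_cleared) from the server's own board only."""
    cells = [(cx + dx, cy + dy) for dx, dy in T_SHAPES[rot]]
    if any(is_blocked(board, x, y) for x, y in cells):
        return False, False, 0            # overlaps a wall, the floor or a locked cell
    if not any(is_blocked(board, x, y + 1) for x, y in cells):
        return False, False, 0            # nothing underneath: it could not have locked here
    corners = [(cx - 1, cy - 1), (cx + 1, cy - 1), (cx - 1, cy + 1), (cx + 1, cy + 1)]
    filled = sum(is_blocked(board, x, y) for x, y in corners)
    is_tspin = last_action == "rotate" and filled >= 3   # three-corner rule (assumed)
    locked = board | set(cells)
    full = [y for y in range(HEIGHT) if all((x, y) in locked for x in range(WIDTH))]
    return True, is_tspin, len(full)

def adjudicate(board, claim):
    # The client's own "tspin" and "lines" fields in the message are ignored.
    valid, tspin, lines = validate_t_placement(
        board, claim["cx"], claim["cy"], claim["rot"], claim["last_action"])
    return {"valid": valid, "tspin": tspin, "lines": lines}

def build_board():
    """Constructed well with a classic T-slot: a one-wide gap under a roof."""
    board = {(x, 19) for x in range(WIDTH) if x != 4}              # floor row, slot at x=4
    board |= {(x, 18) for x in range(WIDTH) if x not in (3, 4, 5)}  # row above, three-wide gap
    board |= {(3, 17), (5, 17)}                                     # overhangs forming the roof
    return board

if __name__ == "__main__":
    board = build_board()
    honest = {"cx": 4, "cy": 18, "rot": 2, "last_action": "rotate", "tspin": True, "lines": 2}
    forged = {"cx": 8, "cy": 16, "rot": 2, "last_action": "rotate", "tspin": True, "lines": 2}
    print(adjudicate(board, honest), adjudicate(board, forged))
```

The honest move rotates the T into the slot and is credited a T-Spin clearing two lines; the forged message claims the same bonus for a flat placement elsewhere and is credited nothing, because the server only trusts the move itself, which is a few integers per piece rather than "a lot of data".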

0 Answers