
It is a good feature for a jam! Love it!

Though I agree it is easy to hack, I think it is fair to assume that in the context of a jam it looks great as is. I may use it to learn something xD

I won’t use it in prod though.

I agree with this. The threat you are facing is pretty context sensitive. Worst case here is that someone spams your Highscore with bogus data.

Is it annoying? Sure. Does it reduce the enjoyment of your game? Probably not much. Is there a threat to your players or their personal/sensitive data? Definitely not.

So worst case scenario is annoyance. Do you want it from a product you paid for? Probably not. Can you forgive it in a 48h jam game, especially if caused by a third party being an asshole on purpose? Hopefully.

So I would leave it and fix it later if the game continues to be a project after the jam. 

I had a similar situation in my project. You could spam my lobby server with fake games and keep them in the server list if you emulate the heartbeat for each one. You can even manipulate the shown player count for existing games. But why would you for a jam game? So I could either have spent a portion of my 48 hours to make the lobby more secure against dedicated assholes or spent it on my game. The server doesn't store any personal data (it doesn't store IPs, only a token for the signaling server) so it can't leak any. And if someone starts spamming (again, I don't know why anyone would for a small jam game) I'll start blacklisting IPs (because I can see the logs...)

We should both remember to tighten up security after the jam though.

Thank you for this explanation. I am thinking in a similar way. 48h ain't enough to make it super secure. Maybe it could be enough if I were some network prodigy, but the truth is that this whole database is controlled with a simple fetch API and I know (close to) nothing about networking.