question

Yes, in general you should assume that a hacker can and will see the specifics of the packets you send up to the service - even encryption cannot prevent this, as the details of the encryption are (necessarily) running on the local machine. And so using that information, the hacker could issue new requests with the same parameters (or even experiment with those parameters).

The best way to prevent cheating in a game is by having the things you want to protect only be authoritative on the server side, and to have code that checks the inputs from the client to determine if they're legitimate. Checking scores reported, time since last update, etc., are some of the most basic things you can do, and for most games there are more game-specific logic checks you can make.

But you should always assume that the client has been compromised, for any online game. How much security you feel is needed for your title, in order to prevent cheating, is going to be up to you. At the high end, you could have everything except for player input running on dedicated servers (hosted by us or not). And even in that case, you'll want to check the player inputs to monitor for cheating there (too frequent of updates, impossible values, etc.).