...
While this would not prevent a malicious party from altering it, which would require server-side measures, there is typically no need for to worry about that since the service provider is responsible for determining the strength of the authentication required.
...