Should I handle all the health, mana on the GameInstance or on the pawn?

The GameInstance class is an object that represents the instance of your game (if I understood the documentation correctly). To me, I wouldn’t place character stats in the GameInstance and would instead place them in a PlayerState (if you plan on making a multiplayer game) or in the class that represents your character.

As for security and cheating protection, a first step would be to validate the input coming from the client.
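
An added example, not part of the original answer: a server-side handler that validates a client's cast request against health and mana the server itself holds, so the client can only state an intent and never a stat value. It is plain C++ rather than Unreal API code, and every name in it (`Player`, `CastRequest`, `ServerHandleCast`, the ability table) is hypothetical.

```cpp
#include <algorithm>
#include <cmath>
#include <unordered_map>
#include <vector>

// Server-owned state (what a PlayerState would hold). Clients never send these values.
struct Player { float x, y, health, mana; };

// Hypothetical wire message: the client only says what it wants to do.
struct CastRequest { int abilityId; int targetIndex; };

struct Ability { float manaCost, maxRange, damage; };

enum class CastResult { Ok, UnknownAbility, BadTarget, CasterDead, OutOfRange, NotEnoughMana };

// Constructed ability table for this example.
static const std::unordered_map<int, Ability> kAbilities = {
    {1, {10.f, 800.f, 25.f}},
    {2, {45.f, 1500.f, 60.f}},
    {3, {5.f, 100.f, 10.f}},
};

// casterIndex comes from the server's own connection mapping, not from the message.
CastResult ServerHandleCast(std::vector<Player>& world, int casterIndex, const CastRequest& req) {
    auto it = kAbilities.find(req.abilityId);
    if (it == kAbilities.end()) return CastResult::UnknownAbility;
    if (req.targetIndex < 0 || req.targetIndex >= static_cast<int>(world.size()))
        return CastResult::BadTarget;

    const Ability& ability = it->second;
    Player& caster = world[casterIndex];
    Player& target = world[req.targetIndex];

    // Every rule is checked against server state; nothing is mutated until all pass.
    if (caster.health <= 0.f) return CastResult::CasterDead;
    if (std::hypot(target.x - caster.x, target.y - caster.y) > ability.maxRange)
        return CastResult::OutOfRange;
    if (caster.mana < ability.manaCost) return CastResult::NotEnoughMana;

    caster.mana -= ability.manaCost;
    target.health = std::max(0.f, target.health - ability.damage);
    return CastResult::Ok;
}
```

A rejected request leaves both players' stats untouched, which also makes rejections easy to log and rate-limit per connection.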