As you know, everything in Halo Reach is governed by credits (cR). Credits are kept track of using online receipts of sorts, and these receipts only register with the servers when they're made by the game during online play; for this reason, receipts are impossible to counterfeit. When you sign your profile into the Reach servers, these systems check to make sure your credits match your receipts. If they match, great. If not, the system raises a red flag to Bungie and they will allow you to keep what you "earned" offline up to 1000 credits; it would actually take longer to keep hacking the credits over and over again at 1000 a hack than to go into a Score Attack matchmaking and earn them the hard way. If you have an unexplainable number of credits that aren't accounted for by online receipts, Bungie will notice and reset you all the way back to zero everything, as if you just started the game from scratch. And that's the security system in a nutshell; much of the security for save data is on the online servers.
The reason nobody is willing to even try to hack the credits when asked is because these receipts cannot be made offline, they have to be made during normal online play. It is a very crude system, but it does its job brilliantly.