- Servers are immune because they ignore repeat requests
- UID is (almost) worthless
- RSA is (almost) worthless
The only ways to defeat programs like these (again, normal packet forgery is more than enough) is to verify all information sent. I'm fairly certain RuneScape also scrambles packet IDs/structures to further combat automated attempts.