Kyatric's plugin is the only way i know of to make your ajax post's more or less secure.
Your server should be sure that your post (and its parameters) came from your application, and from nowhere else.
The only "secure" way to do this is HMAC (http://en.wikipedia.org/wiki/Hash-based_message_authentication_code). Sounds complex, but basically very simple.
Your application signs request parameters with standard parameters and sends a hash (aka message digest). Hash to compute the parameters themselves + a shared secret key (it is very important that the key is not public, and known to both sides who want to safely talk, but no one else).
So if you're using php on your server, you should call savescores.php (preferably POST request) and post some data like:
variables. Hash should be generated before posting (in php code):
$ Str_params = $ name. ''. $ Score;
$ Hash = hash_hmac ('sha1', $ str_params, SHARED_SECRET_KEY);
PHP then gets all the POST parameters (each variable separately + hash), and has at its (the server) side to make verification hash (digest).
Server side doing so generates hash (digest) in the same way as the client (with the received variables).
And, if the received hash generated hash is equal that means that the parameters sent to the application came from your client (because they signed the same secret key which is known only the application and server).
If the hash is not identical, that means that someone is trying to cheat (or extremely, that you didn't generated the hashes in a correct way)
Now, the problem is how to get the SHARED_SECRET_KEY to the client?
You should think of an ability to send a key to the client without anybody knowledge. (Because if you use Ajax, then again, everyone can read it) - namely, how to pass to c2runtime a SHARED_SECRET_KEY, and that no one else knows? Server it should not send Client, otherwise the whole thing falls apart!
Take this whole post with a grain of salt, i'm sure there are better ways to do this, but i don't know them!